Hi, Katana.
Thank you for the support and patience.
Back to proxy... Today I was, again, unable to reach MalwareRemoval.com directly. Thoroughly checked the hosts file, but didn't find MalwareRemoval over there.
Combo Fix stalled again. At least a nice, creative dotted blue screen instead of the hideous NT blue screen...
Here go the DSS and HJThis reports.
Deckard's System Scanner v20071014.68
Run by Guilherme on 2008-07-23 22:15:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Guilherme.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15, on 2008-07-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\TweakRAM\TweakRAM.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\SpamPal\spampal.exe
C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ProcessExplorer_11.11\procexp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Guilherme\Desktop\Dackard'sSystemScanner_dss.exe
C:\ARQUIV~1\Trend Micro\HijackThis\Guilherme.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://google.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.com.br
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [OOCCCTRL.EXE] "C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
O4 - HKCU\..\Run: [TweakRAM] C:\Arquivos de programas\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpamPal.lnk = C:\Arquivos de programas\SpamPal\spampal.exe
O4 - Global Startup: EyeLoveU.lnk.disabled
O4 - Global Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0274552997
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8130972218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/p ... ginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Network Time Protocol Daemon (NTP) - Unknown owner - C:\Arquivos de programas\NTP\bin\ntpd.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9235 bytes
-- Files created between 2008-06-23 and 2008-07-23 -----------------------------
2008-07-22 23:23:30 0 d-------- C:\Arquivos de programas\SpamPal
2008-07-22 13:43:37 0 d-------- C:\WINDOWS\ERUNT
2008-07-22 09:06:37 0 d-------- C:\Documents and Settings\Guilherme\Start Menu
2008-07-22 09:03:32 68096 --a------ C:\WINDOWS\zip.exe
2008-07-22 09:03:32 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-22 09:03:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-22 09:03:32 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-22 09:03:32 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-22 09:03:32 98816 --a------ C:\WINDOWS\sed.exe
2008-07-22 09:03:32 80412 --a------ C:\WINDOWS\grep.exe
2008-07-22 09:03:32 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-22 08:57:33 0 dr-hs---- C:\cmdcons
2008-07-22 08:56:55 0 d-------- C:\WINDOWS\setupupd
2008-07-20 09:56:25 0 d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-07-20 09:44:55 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 08:59:42 0 d-------- C:\Arquivos de programas\Trend Micro
2008-07-18 16:43:40 0 d-------- C:\Arquivos de programas\Panda Security
2008-07-14 15:12:55 0 d-------- C:\Documents and Settings\Guilherme\Application Data\ZTEEVDO
2008-07-11 16:19:26 22528 --a------ C:\WINDOWS\system32\RHMMPLAY.DLL <Not Verified; Blue Sky Software Corp.; WinHelp Video Player 32Bit>
2008-07-11 16:19:06 430080 --a------ C:\WINDOWS\system32\MSREPL35.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-07-11 16:19:06 0 d-------- C:\Arquivos de programas\SDL International
2008-07-11 16:19:05 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-07-11 16:19:05 24848 --a------ C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:05 123664 --a------ C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:04 252176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:04 1233680 --a------ C:\WINDOWS\system32\MSJT4JLT.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:03 1046288 --a------ C:\WINDOWS\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:02 36352 --a------ C:\WINDOWS\system32\SX32W.DLL
2008-07-11 16:19:02 92672 --a------ C:\WINDOWS\system32\haspvb32.dll <Not Verified; Aladdin Knowledge Systems.; Win32 DLL for Microsoft Visual Basic>
2008-07-11 16:19:02 159744 --a------ C:\WINDOWS\system32\cNewMenu6.dll <Not Verified; vbAccelerator; vbAccelerator PopupMenu Active X DLL>
2008-07-11 16:19:02 110592 --a------ C:\WINDOWS\system32\ccrpbds6.dll <Not Verified; Common Controls Replacement Project (CCRP); CCRPBrowseDlgSvr6.BrowseDialog>
2008-07-06 07:30:53 0 d-------- C:\Documents and Settings\Guilherme\Application Data
2008-07-06 07:30:53 0 d-------- C:\Documents and Settings\Guilherme\Application Data\Microsoft
2008-07-02 10:23:46 0 d-------- C:\WINDOWS\system32\DRM
2008-06-30 09:17:06 0 d-------- C:\Arquivos de programas\Google
2008-06-24 22:40:04 0 d-------- C:\Arquivos de programas\EyeLoveU 3.5
-- Find3M Report ---------------------------------------------------------------
2008-07-23 10:58:45 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Skype
2008-07-23 08:42:13 0 d-------- C:\Arquivos de programas\Trillian
2008-07-23 08:12:34 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\SpamPal
2008-07-23 00:57:08 0 d-------- C:\Arquivos de programas\FlashGet
2008-07-20 09:56:31 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Malwarebytes
2008-07-19 14:00:47 0 d-------- C:\Arquivos de programas\Fresh RAM
2008-07-17 14:57:31 0 d-------- C:\Arquivos de programas\CrossLoop
2008-07-11 16:19:02 0 d--h----- C:\Arquivos de programas\InstallShield Installation Information
2008-07-05 18:29:09 0 d-------- C:\Arquivos de programas\SpywareBlaster
2008-07-05 17:30:28 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Babylon
2008-07-05 10:21:33 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Trados
2008-07-05 08:11:37 0 d-------- C:\Arquivos de programas\Skype
2008-07-05 08:10:46 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\skypePM
2008-06-30 09:19:03 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Google
2008-06-23 20:41:22 105 --a------ C:\WINDOWS\Selu305.dll
2008-06-22 13:07:23 0 d-------- C:\Arquivos de programas\Power Translator 11
2008-06-20 10:33:12 0 d-------- C:\Arquivos de programas\MagicISO
2008-06-18 13:52:09 0 d-------- C:\Arquivos de programas\TweakRAM
2008-06-16 19:14:49 0 d-------- C:\Arquivos de programas\Leitor Digital
2008-06-15 17:53:08 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - http://www.sysinternals.com; Page File Defragmenter>
2008-06-15 16:00:43 0 d-------- C:\Arquivos de programas\LogMeIn
2008-06-15 13:53:11 0 d-------- C:\Arquivos de programas\SpywareGuard
2008-06-15 12:39:01 23 --ahs---- C:\WINDOWS\system32\abaddadbef7_z.dll
2008-06-15 12:38:53 0 d-------- C:\Arquivos de programas\jv16 PowerTools 2008
2008-06-13 17:49:06 0 d-------- C:\Arquivos de programas\TRADOS
2008-06-11 21:15:59 0 d-------- C:\Arquivos de programas\Arquivos comuns
2008-06-11 21:15:59 0 d-------- C:\Arquivos de programas\Arquivos comuns\Data Dynamics
2008-06-11 21:15:51 0 d-------- C:\Arquivos de programas\Arquivos comuns\ATRIL
2008-06-05 06:28:17 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Real
2008-06-05 06:23:32 0 d-------- C:\Arquivos de programas\Arquivos comuns\xing shared
2008-06-05 06:23:26 0 d-------- C:\Arquivos de programas\Arquivos comuns\Real
2008-06-05 06:22:54 0 d-------- C:\Arquivos de programas\Real
2008-06-05 05:54:21 0 d-------- C:\Arquivos de programas\GbPlugin
2008-05-31 20:49:22 0 d-------- C:\Arquivos de programas\palmOne
2008-05-31 20:21:59 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Leadertech
2008-05-31 20:16:55 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\HotSync
2008-05-28 20:46:40 0 d-------- C:\Arquivos de programas\CoolSMS
2008-05-28 09:01:35 0 d-------- C:\Arquivos de programas\GridMove
2008-05-25 09:18:01 0 d-------- C:\Arquivos de programas\Microsoft Silverlight
2008-05-25 08:55:32 0 d-------- C:\Arquivos de programas\Alwil Software
2008-05-08 19:39:58 474552 --a------ C:\WINDOWS\system32\perfh016.dat
2008-05-08 19:39:58 80302 --a------ C:\WINDOWS\system32\perfc016.dat
2008-05-04 20:18:15 4990 --a------ C:\WINDOWS\system32\ukeyvdd.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-05-15 20:19]
"OOCCCTRL.EXE"="C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.exe" [2007-01-28 15:08]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TweakRAM"="C:\Arquivos de programas\TweakRAM\TweakRAM.exe" [2007-09-15 07:52]
"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
C:\Documents and Settings\Guilherme\Menu Iniciar\Programas\Inicializar\
SpamPal.lnk - C:\Arquivos de programas\SpamPal\spampal.exe [2005-10-24 20:08:06]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
EyeLoveU.lnk.disabled [2008-06-27 08:58:24]
SpywareGuard.lnk - C:\Arquivos de programas\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Arquivos de programas\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 14:57 86016]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-06-04 15:52 369064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2008-06-04 15:52 369064 C:\ARQUIV~1\GbPlugin\gbiehabn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ZTE Wireless Terminal"="C:\Arquivos de programas\AIKO 76E\bin\App.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VTTimer"=VTTimer.exe
"DXDllRegExe"=dxdllreg.exe
"<NO NAME>"=
"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
*Newly Created Service* - MBAMDRVSERVICE
-- End of Deckard's System Scanner: finished at 2008-07-23 22:16:10 ------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24, on 2008-07-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\TweakRAM\TweakRAM.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\SpamPal\spampal.exe
C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ProcessExplorer_11.11\procexp.exe
C:\WINDOWS\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://google.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.com.br
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [OOCCCTRL.EXE] "C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
O4 - HKCU\..\Run: [TweakRAM] C:\Arquivos de programas\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpamPal.lnk = C:\Arquivos de programas\SpamPal\spampal.exe
O4 - Global Startup: EyeLoveU.lnk.disabled
O4 - Global Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0274552997
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8130972218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/p ... ginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Network Time Protocol Daemon (NTP) - Unknown owner - C:\Arquivos de programas\NTP\bin\ntpd.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9252 bytes
Hijack This Uninstall List
Adobe Acrobat 8.1.2 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
AIKO 76E
Arquivo do WinRAR
Atualização de Segurança para o Windows Media Player 11 (KB936782)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB950759)
Atualização de Segurança para Windows XP (KB923789)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB950760)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB951376)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951698)
Atualização de Segurança para Windows XP (KB951748)
Atualização para Windows XP (KB951978)
Avanquest update
avast! Antivirus
Babylon
Better File Rename 5.1
Cliente do Windows Rights Management com Service Pack 2
Compatibilidade com Versões Anteriores do Cliente do Windows Rights Management SP2
Conexant HD Audio
CoolSMS 2.06 beta
CrossLoop 2.20
CuteFTP 8 Professional
Deja Vu X
Diskeeper 2008 Pro Premier
Eudora
EyeLoveU 3.5.4
FlashGet(JetCar)
Fresh RAM
Google Earth
GridMove V1.19.53
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows Internet Explorer 7 (KB947864)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HP USB Disk Storage Format Tool
Java(TM) 6 Update 5
jv16 PowerTools 2008
Leitor Digital 2.1.1
LogMeIn
Magic ISO Maker v5.5 (build 0261)
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - PTB
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edição 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (2.0.0.14)
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 8
neroxml
Network Time Protocol
O&O CleverCache
Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0
Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card
palmOne
Panda ActiveScan 2.0
PDF Password Remover v3.0
PhotoScape
Power Manager 2.2.1
RealPlayer
ScanSoft OmniPage 16
ScanSoft PDF Create! 4
SDL TRADOS 7 Freelance
SDLX
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype™ 3.8
Soft Data Fax Modem with SmartCP
SpamPal
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
SpywareGuard v2.2
The Bat! Professional v4.0.20
Total Uninstall 4.8.0
Trillian
TweakRAM
VCRedistSetup
VeryPDF PDF2Word v3.0
VIA Gerenciador de dispositivo de plataforma
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver 6.14.10.0078
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (PTB)
Windows Workflow Foundation BR Language Pack
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0
--
End of file
StartupList report, 2008-07-23, 22:26:42
StartupList version: 1.52.2
Started from : C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\TweakRAM\TweakRAM.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\SpamPal\spampal.exe
C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ProcessExplorer_11.11\procexp.exe
C:\WINDOWS\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Guilherme\Menu Iniciar\Programas\Inicializar]
SpamPal.lnk = C:\Arquivos de programas\SpamPal\spampal.exe
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]
EyeLoveU.lnk.disabled
SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
avast! = "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
OOCCCTRL.EXE = "C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TweakRAM = C:\Arquivos de programas\TweakRAM\TweakRAM.exe
SpybotSD TeaTimer = C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry key not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry key not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry key not found*
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1 %*)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor do Registro'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Arquivos de programas\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
SpywareGuard Download Protection - C:\Arquivos de programas\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
G-Buster Browser Defense ABN AMRO - C:\ARQUIV~1\GbPlugin\gbiehabn.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540007}
(no name) - C:\ARQUIV~1\FlashGet\getflash.dll - {F156768E-81EF-470C-9057-481BA8380DBA}
--------------------------------------------------
Enumerating Task Scheduler jobs:
*No jobs found*
--------------------------------------------------
Enumerating Download Program Files:
[MUCatalogWebControl Class]
InProcServer32 = C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
CODEBASE = http://catalog.update.microsoft.com/v7/ ... 0274552997
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/microso ... 8130972218
[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Arquivos de programas\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/s ... wflash.cab
[GbPluginObj Class]
InProcServer32 = C:\ARQUIV~1\GbPlugin\gbiehabn.dll
CODEBASE = https://wwws.realsecureweb.com.br/mpr/p ... ginABN.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerta: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Serviço 'Gateway de camada de aplicativo': %SystemRoot%\System32\alg.exe (manual start)
Gerenciamento de aplicativo: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Atheros Wireless Network Adapter Service: system32\DRIVERS\ar5211.sys (manual start)
Atheros AR5008 Wireless Network Adapter Service: system32\DRIVERS\athw.sys (manual start)
Serviço de estado do ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
aswFsBlk: system32\DRIVERS\aswFsBlk.sys (autostart)
avast! iAVS4 Control Service: "C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
Driver de mídia assíncrona RAS: system32\DRIVERS\asyncmac.sys (manual start)
Controlador de disco rígido padrão IDE/ESDI: system32\DRIVERS\atapi.sys (system)
Protocolo de cliente ATM ARP: system32\DRIVERS\atmarpc.sys (manual start)
Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver de fragmento de código de áudio: system32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
Serviço de transferência inteligente de plano de fundo: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Localizador de computadores: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\GUILHE~1\CONFIG~1\Temp\catchme.sys (manual start)
Driver de CD-ROM: system32\DRIVERS\cdrom.sys (system)
Serviço de indexação: C:\WINDOWS\system32\cisvc.exe (autostart)
Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
Aplicativo de sistema COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Serviços de criptografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Inicializador de Processo de Servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Cliente DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Driver de disco: system32\DRIVERS\disk.sys (system)
Diskeeper: "C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe" (autostart)
Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gerenciador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
Cliente DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
Configuração Automática com Fio: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Serviço de EAP (Extensible Authentication Protocol): %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Erro ao informar o serviço: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Log de eventos: %SystemRoot%\system32\services.exe (autostart)
Sistema de eventos COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Compatibilidade com 'Troca rápida de usuário': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
VIA Rhine-Family Fast-Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: system32\DRIVERS\fetnd5.sys (manual start)
FLEXnet Licensing Service: "C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Classificador genérico de pacotes: system32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Function Driver for High Definition Audio Service: system32\drivers\CHDAud.sys (manual start)
Driver de Barramento Microsoft UAA para High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver de classe HID da Microsoft: system32\DRIVERS\hidusb.sys (manual start)
Serviço de Gerenciamento de Certificados e Chaves de Integridade: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HSFHWAZL: system32\DRIVERS\HSFHWAZL.sys (manual start)
HSF_DPV: system32\DRIVERS\HSF_DPV.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Teclado i8042 e driver de porta de mouse PS/2: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
Driver de filtro de criação de CDs: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
Driver de Processador Intel: system32\DRIVERS\intelppm.sys (system)
Driver de IPv6 do Firewall do Windows: system32\drivers\ip6fw.sys (manual start)
Driver de filtro de tráfego IP: system32\DRIVERS\ipfltdrv.sys (manual start)
Driver de encapsulamento IP em IP: system32\DRIVERS\ipinip.sys (manual start)
Conversor de endereços de rede IP: system32\DRIVERS\ipnat.sys (manual start)
Driver IPSEC: system32\DRIVERS\ipsec.sys (system)
Serviço enumerador IR: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Servidor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Estação de trabalho: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Auxiliar NetBIOS TCP/IP: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
LogMeIn Kernel Information Provider: \??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys (autostart)
LogMeIn Maintenance Service: "C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe" (disabled)
lmimirr: system32\DRIVERS\lmimirr.sys (manual start)
LogMeIn Remote File System Driver: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (autostart)
LogMeIn: "C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe" (disabled)
MBAMDrvService: \??\C:\WINDOWS\system32\drivers\mbam.sys (autostart)
MBAMService: "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe" (autostart)
Machine Debug Manager: "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Mensageiro: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Compartilhamento remoto da área de trabalho do NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Motorola USB CDC ACM Driver: system32\DRIVERS\motmodem.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
Redirecionador do cliente WebDav: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Coordenador de transações distribuídas: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)
Driver de BIOS de Gerenciamento de Sistema Microsoft: system32\DRIVERS\mssmbios.sys (manual start)
Agente de Proteção de Acesso à Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver TAPI NDIS de acesso remoto: system32\DRIVERS\ndistapi.sys (manual start)
Protocolo de modo de usuário E/S em dispositivos NDIS: system32\DRIVERS\ndisuio.sys (manual start)
Driver de rede remota NDIS de acesso remoto: system32\DRIVERS\ndiswan.sys (manual start)
Nero BackItUp Scheduler 3: C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (manual start)
Interface NetBIOS: system32\DRIVERS\netbios.sys (system)
NetBios em Tcpip: system32\DRIVERS\netbt.sys (system)
DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)
DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)
Logon de rede: %SystemRoot%\system32\lsass.exe (manual start)
Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Reconhecimento de local da rede (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe" (manual start)
Fornecedor de suporte de segurança NT LM: %SystemRoot%\system32\lsass.exe (manual start)
Armazenamento removível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Network Time Protocol Daemon: C:\Arquivos de programas\NTP\bin\ntpd.exe -M -g -c "C:\Arquivos de programas\NTP\etc\ntp.conf" (autostart)
Driver de filtro de tráfego IPX: system32\DRIVERS\nwlnkflt.sys (manual start)
Driver encaminhador de tráfego IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)
O&O CleverCache Agent: "C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe" (autostart)
Office Source Engine: "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
PalmUSBD: system32\drivers\PalmUSBD.sys (manual start)
pavboot: system32\drivers\pavboot.sys (system)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
PLFlash DeviceIoControl Service: C:\WINDOWS\system32\IoctlSvc.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)
Serviços IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
Miniporta de rede remota (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)
Agendador de pacotes QoS: system32\DRIVERS\psched.sys (manual start)
Driver de link paralelo direto: system32\DRIVERS\ptilink.sys (manual start)
Driver de conexão automática de acesso remoto: system32\DRIVERS\rasacd.sys (system)
Gerenciador de conexão de acesso remoto automático: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Miniporta de rede remota (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Gerenciador de conexão de acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Driver PPPOE de acesso remoto: system32\DRIVERS\raspppoe.sys (manual start)
Paralelo direto: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Driver redirecionador de dispositivos doTerminal Server: system32\DRIVERS\rdpdr.sys (manual start)
Gerenciador de sessão de ajuda de área de trabalho remota: C:\WINDOWS\system32\sessmgr.exe (manual start)
Driver de filtro de reprodução de áudio digital de CD: system32\DRIVERS\redbook.sys (system)
Roteamento e acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Alocador Remote Procedure Call (RPC): %SystemRoot%\system32\locator.exe (manual start)
Chamada de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
S3GIGP: system32\DRIVERS\S3gIGPm.sys (manual start)
Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)
Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)
Agendador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Logon secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Detecção do hardware do shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
Driver de filtro de restauração do sistema: system32\DRIVERS\sr.sys (system)
Serviço de restauração do sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
Serviço de descoberta SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
StarWind AE Service: C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (autostart)
Assistente de aquisição de imagens do Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{8789480F-1354-48BA-A56B-A40AE7D13594} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver de protocolo TCP/IP: system32\DRIVERS\tcpip.sys (system)
Driver de dispositivo de terminal: system32\DRIVERS\termdd.sys (system)
Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Cliente de rastreamento de link distribuído: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Filtro Microsoft AGPv3.5: system32\DRIVERS\uagp35.sys (system)
Conexant Setup API: system32\DRIVERS\UIUSYS.SYS (manual start)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Host de dispositivo Plug and Play universal: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (disabled)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB Security Key: system32\DRIVERS\usbkey.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
Controlador de vídeo VGA.: \SystemRoot\System32\drivers\vga.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Cópia de volume em memória: %SystemRoot%\System32\vssvc.exe (manual start)
Horário do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver ARP IP de acesso remoto: system32\DRIVERS\wanarp.sys (manual start)
Wdf01000: system32\DRIVERS\Wdf01000.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Cliente da Web: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
WINIO: \??\C:\WINDOWS\system32\WinIo.sys (system)
Testador de instrumentação de gerenciam. do Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Serviço de Número de Série de Mídia Portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Adaptador de desempenho WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (manual start)
Central de Segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Atualizações Automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Configuração zero sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Serviço de Configuração de Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
ZTE USB Device for Legacy Serial Communication: system32\DRIVERS\zteusbser.sys (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 38,356 bytes
Report generated in 0.265 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only