Hardware.com.br

Could a driver update have caused an infection?

#1 By TmfeijoMMonr... 31/01/2012 - 18:23
Good afternoon!


Is it possible to get infected during a driver update?
I ask because, since I did this, if my system sits unused for about 30 minutes it sometimes blanks the screen and sometimes reboots.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:02, on 31/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Windows\system32\taskhost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Users\Edson Luis\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\Windows\system32\Ati2evxx.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - D:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

--
End of file - 2423 bytes


Regards
#3 By TmfeijoMMonr... 31/01/2012 - 22:35
Good evening, Meyer!


It was from here:

http://www.superdownloads.com.br/drivers/ati-radeon-9250.html


The log above and the ones below were all run as administrator.

Updated logs follow:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:30:39, on 31/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Users\Edson Luis\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\Windows\system32\Ati2evxx.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - D:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

--
End of file - 2622 bytes

Log produced with "Generate StartupList log":



StartupList report, 31/01/2012, 22:33:06
StartupList version: 1.52.2
Started from : D:\Users\Edson Luis\Downloads\HijackThis.EXE
Detected: Windows 7 SP1 (WinNT 6.00.3505)
Detected: Internet Explorer v9.00 (9.00.8112.16421)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Users\Edson Luis\Downloads\HijackThis.exe
D:\Windows\system32\NOTEPAD.EXE
D:\Windows\system32\SearchFilterHost.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[D:\Users\Edson Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\Windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = D:\Windows\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = D:\Windows\System32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = D:\Windows\System32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = D:\Windows\system32\Rundll32.exe D:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from D:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from D:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=D:\Windows\system32\scrnsave.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

D:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
D:\Windows\Explorer\Explorer.exe: not present
D:\Windows\System\Explorer.exe: not present
D:\Windows\System32\Explorer.exe: not present
D:\Windows\Command\Explorer.exe: not present
D:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: NO!)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in D:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskUserS-1-5-21-1153770135-315212651-112156911-1002Core.job
GoogleUpdateTaskUserS-1-5-21-1153770135-315212651-112156911-1002UA.job
SlimDrivers Startup.job

--------------------------------------------------

Enumerating Download Program Files:

[UnoCtrl Class]
InProcServer32 = D:\Windows\Downloaded Program Files\GAME_UNO1.dll
CODEBASE = http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

[{8AD9C840-044E-11D1-B3E9-00805F499D93}]
CODEBASE = http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = D:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

[{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}]
CODEBASE = http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

[{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
CODEBASE = http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = D:\Windows\system32\Macromed\Flash\Flash11c.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: D:\Windows\system32\NLAapi.dll
NameSpace #2: D:\Windows\system32\napinsp.dll
NameSpace #3: D:\Windows\system32\pnrpnsp.dll
NameSpace #4: D:\Windows\system32\pnrpnsp.dll
NameSpace #5: D:\Windows\System32\mswsock.dll
NameSpace #6: D:\Windows\System32\winrnr.dll
NameSpace #7: D:\Windows\system32\wshbth.dll
Protocol #1: D:\Windows\system32\mswsock.dll
Protocol #2: D:\Windows\system32\mswsock.dll
Protocol #3: D:\Windows\system32\mswsock.dll
Protocol #4: D:\Windows\system32\mswsock.dll
Protocol #5: D:\Windows\system32\mswsock.dll
Protocol #6: D:\Windows\system32\mswsock.dll
Protocol #7: D:\Windows\system32\mswsock.dll
Protocol #8: D:\Windows\system32\mswsock.dll
Protocol #9: D:\Windows\system32\mswsock.dll
Protocol #10: D:\Windows\system32\mswsock.dll
Protocol #11: D:\Windows\system32\mswsock.dll
Protocol #12: D:\Windows\system32\mswsock.dll
Protocol #13: D:\Windows\system32\mswsock.dll
Protocol #14: D:\Windows\system32\mswsock.dll
Protocol #15: D:\Windows\system32\mswsock.dll
Protocol #16: D:\Windows\system32\mswsock.dll
Protocol #17: D:\Windows\system32\mswsock.dll
Protocol #18: D:\Windows\system32\mswsock.dll
Protocol #19: D:\Windows\system32\mswsock.dll
Protocol #20: D:\Windows\system32\mswsock.dll
Protocol #21: D:\Windows\system32\mswsock.dll
Protocol #22: D:\Windows\system32\mswsock.dll
Protocol #23: D:\Windows\system32\mswsock.dll
Protocol #24: D:\Windows\system32\mswsock.dll
Protocol #25: D:\Windows\system32\mswsock.dll
Protocol #26: D:\Windows\system32\mswsock.dll
Protocol #27: D:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

1394 OHCI Compliant Host Controller: \SystemRoot\system32\drivers\1394ohci.sys (manual start)
360HookOem: system32\drivers\360HookOem.sys (system)
SAA713x TV Card Service: system32\DRIVERS\3xHybrid.sys (manual start)
Microsoft ACPI Driver: system32\drivers\ACPI.sys (system)
ACPI Power Meter Driver: \SystemRoot\system32\drivers\acpipmi.sys (manual start)
Adobe Acrobat Update Service: "D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" (autostart)
adp94xx: \SystemRoot\system32\DRIVERS\adp94xx.sys (manual start)
adpahci: \SystemRoot\system32\DRIVERS\adpahci.sys (manual start)
adpu320: \SystemRoot\system32\DRIVERS\adpu320.sys (manual start)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
aic78xx: \SystemRoot\system32\DRIVERS\djsvs.sys (manual start)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (manual start)
AMD AGP Bus Filter Driver: \SystemRoot\system32\drivers\amdagp.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (manual start)
AMD IO Driver: system32\DRIVERS\amdiox86.sys (manual start)
AMD K8 Processor Driver: \SystemRoot\system32\DRIVERS\amdk8.sys (manual start)
AMD Processor Driver: system32\DRIVERS\amdppm.sys (manual start)
amdsata: \SystemRoot\system32\drivers\amdsata.sys (manual start)
amdsbs: \SystemRoot\system32\DRIVERS\amdsbs.sys (manual start)
amdxata: system32\drivers\amdxata.sys (system)
@%systemroot%\system32\appidsvc.dll,-102: \SystemRoot\system32\drivers\appid.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@appmgmts.dll,-3250: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\DRIVERS\arc.sys (manual start)
arcsas: \SystemRoot\system32\DRIVERS\arcsas.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (manual start)
@%systemroot%\system32\rascfg.dll,-32000: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\drivers\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom NetXtreme II VBD: \SystemRoot\system32\DRIVERS\bxvbdx.sys (manual start)
Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0: system32\DRIVERS\b57nd60x.sys (manual start)
@%SystemRoot%\system32\bdesvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
blbdrive: system32\DRIVERS\blbdrive.sys (system)
@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\DRIVERS\BrFiltLo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\DRIVERS\BrFiltUp.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\System32\Drivers\Brserid.sys (manual start)
Brother WDM Serial driver: \SystemRoot\System32\Drivers\BrSerWdm.sys (manual start)
Brother MFC USB Fax Only Modem: \SystemRoot\System32\Drivers\BrUsbMdm.sys (manual start)
Brother MFC USB Serial WDM Driver: \SystemRoot\System32\Drivers\BrUsbSer.sys (manual start)
Bluetooth Enumerator Service: system32\DRIVERS\BthEnum.sys (manual start)
Bluetooth Modem Communications Driver: system32\DRIVERS\bthmodem.sys (manual start)
Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth Port Driver: System32\Drivers\BTHport.sys (manual start)
Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)
Bluetooth Radio USB Driver: System32\Drivers\BTHUSB.sys (manual start)
catchme: \??\D:\Users\EDSONL~1\AppData\Local\Temp\catchme.sys (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Consumer IR Devices: \SystemRoot\system32\DRIVERS\circlass.sys (manual start)
@%SystemRoot%\system32\clfs.sys,-100: System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v4.0.30319_X86: D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
Microsoft ACPI Control Method Battery Driver: \SystemRoot\system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (manual start)
: System32\Drivers\cng.sys (system)
Compbatt: \SystemRoot\system32\DRIVERS\compbatt.sys (manual start)
Composite Bus Enumerator Driver: \SystemRoot\system32\drivers\CompositeBus.sys (manual start)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: \SystemRoot\system32\DRIVERS\crcdisk.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\cscsvc.dll,-202: system32\drivers\csc.sys (system)
@%systemroot%\system32\cscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (disabled)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\drivers\discache.sys,-102: System32\drivers\discache.sys (system)
Disk Driver: system32\DRIVERS\disk.sys (system)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Trusted Audio Drivers: system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Broadcom NetXtreme II 10 GigE VBD: \SystemRoot\system32\DRIVERS\evbdx.sys (manual start)
@%SystemRoot%\system32\efssvc.dll,-100: %SystemRoot%\System32\lsass.exe (autostart)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
elxstor: \SystemRoot\system32\DRIVERS\elxstor.sys (manual start)
Microsoft Hardware Error Device Driver: \SystemRoot\system32\drivers\errdev.sys (manual start)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (autostart)
VIA Rhine Family Fast Ethernet Adapter Driver: system32\DRIVERS\fetn62.sys (manual start)
@%SystemRoot%\system32\drivers\fileinfo.sys,-100: system32\drivers\fileinfo.sys (system)
@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)
@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (autostart)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)
@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\DRIVERS\gagp30kx.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Hauppauge Consumer Infrared Receiver: \SystemRoot\system32\drivers\hcw85cir.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: \SystemRoot\system32\drivers\HDAudBus.sys (manual start)
HID UPS Battery Driver: \SystemRoot\system32\DRIVERS\HidBatt.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\DRIVERS\hidbth.sys (manual start)
Microsoft Infrared HID Driver: \SystemRoot\system32\DRIVERS\hidir.sys (manual start)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft HID Class Driver: \SystemRoot\system32\drivers\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\ListSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\provsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
HpSAMD: \SystemRoot\system32\drivers\HpSAMD.sys (manual start)
@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)
@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: \SystemRoot\system32\drivers\i8042prt.sys (manual start)
Intel RAID Controller Windows 7: \SystemRoot\system32\drivers\iaStorV.sys (manual start)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
iirsp: \SystemRoot\system32\DRIVERS\iirsp.sys (manual start)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
intelide: \SystemRoot\system32\drivers\intelide.sys (manual start)
Intel Processor Driver: \SystemRoot\system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-500: %SystemRoot%\System32\svchost.exe -k NetSvcs (disabled)
IPMIDRV: \SystemRoot\system32\drivers\IPMIDrv.sys (manual start)
IP Network Address Translator: System32\drivers\ipnat.sys (manual start)
@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)
isapnp: \SystemRoot\system32\drivers\isapnp.sys (manual start)
iScsiPort Driver: \SystemRoot\system32\drivers\msiscsi.sys (manual start)
Keyboard Class Driver: \SystemRoot\system32\drivers\kbdclass.sys (manual start)
Keyboard HID Driver: \SystemRoot\system32\drivers\kbdhid.sys (manual start)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
: System32\Drivers\ksecdd.sys (system)
: System32\Drivers\ksecpkg.sys (system)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Lbd: system32\DRIVERS\Lbd.sys (system)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LSI_FC: \SystemRoot\system32\DRIVERS\lsi_fc.sys (manual start)
LSI_SAS: \SystemRoot\system32\DRIVERS\lsi_sas.sys (manual start)
LSI_SAS2: \SystemRoot\system32\DRIVERS\lsi_sas2.sys (manual start)
LSI_SCSI: \SystemRoot\system32\DRIVERS\lsi_scsi.sys (manual start)
@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
megasas: \SystemRoot\system32\DRIVERS\megasas.sys (manual start)
MegaSR: \SystemRoot\system32\DRIVERS\MegaSR.sys (manual start)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: \SystemRoot\system32\drivers\mouclass.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)
Microsoft Malware Protection Driver: system32\DRIVERS\MpFilter.sys (system)
Microsoft Multi-Path Bus Driver: \SystemRoot\system32\drivers\mpio.sys (manual start)
Microsoft Malware Protection Network Driver: system32\DRIVERS\MpNWMon.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (manual start)
Microsoft Multi-Path Device Specific Module: \SystemRoot\system32\drivers\msdsm.sys (manual start)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)
msisadrv: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: \SystemRoot\system32\drivers\mssmbios.sys (system)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft Input Configuration Driver: \SystemRoot\system32\DRIVERS\MTConfig.sys (manual start)
@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)
Panda Cloud Antivirus Service: "D:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" (autostart)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)
NDIS Capture LightWeight Filter: system32\DRIVERS\ndiscap.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %SystemRoot%\system32\lsass.exe (disabled)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@D:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195: "D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator (disabled)
@D:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197: D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (disabled)
@%SystemRoot%\system32\netprofm.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@D:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199: D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (disabled)
@D:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8201: D:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (disabled)
nfrd960: \SystemRoot\system32\DRIVERS\nfrd960.sys (manual start)
Microsoft Network Inspection System: system32\DRIVERS\NisDrvWFP.sys (manual start)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (manual start)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (manual start)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
1394 OHCI Compliant Host Controller (Legacy): \SystemRoot\system32\drivers\ohci1394.sys (manual start)
ONDA Proprietary USB Driver: system32\DRIVERS\ONDAusbmdm6k.sys (manual start)
ONDA NMEA Port: system32\DRIVERS\ONDAusbnmea.sys (manual start)
ONDA Diagnostic Port: system32\DRIVERS\ONDAusbser6k.sys (manual start)
ONDA VoUSB Port: system32\DRIVERS\ONDAusbvoice.sys (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)
Parvdm: system32\DRIVERS\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: \SystemRoot\system32\drivers\pciide.sys (manual start)
pcmcia: \SystemRoot\system32\DRIVERS\pcmcia.sys (manual start)
Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%SystemRoot%\system32\peerdistsvc.dll,-9000: %SystemRoot%\System32\svchost.exe -k PeerDist (disabled)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\umpo.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\rascfg.dll,-32006: system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\DRIVERS\processr.sys (manual start)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
PSINAflt: system32\DRIVERS\PSINAflt.sys (autostart)
PSINFile: system32\DRIVERS\PSINFile.sys (autostart)
PSINKNC: system32\DRIVERS\psinknc.sys (system)
PSINProc: system32\DRIVERS\PSINProc.sys (autostart)
PSINProt: system32\DRIVERS\PSINProt.sys (autostart)
ql2300: \SystemRoot\system32\DRIVERS\ql2300.sys (manual start)
ql40xx: \SystemRoot\system32\DRIVERS\ql40xx.sys (manual start)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (manual start)
WAN Miniport (IKEv2): system32\DRIVERS\AgileVpn.sys (manual start)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32005: system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)
Remote Desktop Device Redirector Bus Driver: system32\DRIVERS\rdpbus.sys (manual start)
@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\drivers\rdpdr.sys (manual start)
@%systemroot%\system32\drivers\RDPENCDD.sys,-101: system32\drivers\rdpencdd.sys (system)
@%systemroot%\system32\drivers\RdpRefMp.sys,-101: system32\drivers\rdprefmp.sys (system)
Remote Desktop Video Miniport Driver: System32\drivers\rdpvideominiport.sys (manual start)
ReadyBoost: System32\drivers\rdyboost.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
Bluetooth Device (RFCOMM Protocol TDI): system32\DRIVERS\rfcomm.sys (manual start)
RkPavproc1: \??\D:\Windows\system32\drivers\RkPavproc1.sys (manual start)
@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
s3cap: \SystemRoot\system32\drivers\vms3cap.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: \SystemRoot\system32\drivers\sbp2port.sys (manual start)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\sensrsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Serial Mouse Driver: \SystemRoot\system32\DRIVERS\sermouse.sys (manual start)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (manual start)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\DRIVERS\sfloppy.sys (manual start)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\drivers\sisagp.sys (manual start)
SiSRaid2: \SystemRoot\system32\DRIVERS\SiSRaid2.sys (manual start)
SiSRaid4: \SystemRoot\system32\DRIVERS\sisraid4.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (manual start)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (disabled)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
@%SystemRoot%\system32\sppsvc.exe,-101: %SystemRoot%\system32\sppsvc.exe (autostart)
@%SystemRoot%\system32\sppuinotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (manual start)
@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)
: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
stexstor: \SystemRoot\system32\DRIVERS\stexstor.sys (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
@%SystemRoot%\system32\vmstorfltres.dll,-1000: system32\drivers\vmstorfl.sys (system)
@%SystemRoot%\System32\StorSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
storvsc: \SystemRoot\system32\drivers\storvsc.sys (manual start)
SWDUMon: system32\DRIVERS\SWDUMon.sys (manual start)
Software Bus Driver: \SystemRoot\system32\drivers\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
: System32\drivers\synth3dvsc.sys (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: \SystemRoot\system32\drivers\termdd.sys (system)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\themeservice.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101: System32\DRIVERS\tssecsrv.sys (manual start)
@%SystemRoot%\system32\drivers\tsusbflt.sys,-1: System32\drivers\tsusbflt.sys (manual start)
@%SystemRoot%\system32\drivers\tsusbhub.sys,-1: system32\drivers\tsusbhub.sys (manual start)
Microsoft Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
Microsoft AGPv3.5 Filter: system32\DRIVERS\uagp35.sys (system)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
UMBus Enumerator Driver: \SystemRoot\system32\drivers\umbus.sys (manual start)
Microsoft UMPass Driver: \SystemRoot\system32\DRIVERS\umpass.sys (manual start)
@%SystemRoot%\system32\umrdp.dll,-1000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vaultsvc.dll,-1003: %SystemRoot%\system32\lsass.exe (manual start)
VirtualBox Host-Only Ethernet Adapter: system32\DRIVERS\VBoxNetAdp.sys (manual start)
VirtualBox Bridged Networking Service: system32\DRIVERS\VBoxNetFlt.sys (manual start)
Microsoft Virtual Drive Enumerator Driver: system32\drivers\vdrvroot.sys (system)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
: \SystemRoot\System32\drivers\vga.sys (system)
: System32\drivers\rdvgkmd.sys (manual start)
vhdmp: \SystemRoot\system32\drivers\vhdmp.sys (manual start)
VIA AGP Bus Filter: \SystemRoot\system32\drivers\viaagp.sys (manual start)
VIA C7 Processor Driver: \SystemRoot\system32\DRIVERS\viac7.sys (manual start)
viaide: system32\drivers\viaide.sys (system)
VIA AC'97 Audio Controller: system32\drivers\ac97via.sys (manual start)
@%SystemRoot%\system32\vmbusres.dll,-1000: system32\drivers\vmbus.sys (system)
VMBusHID: \SystemRoot\system32\drivers\VMBusHID.sys (manual start)
VMware Virtual Ethernet Adapter Driver: system32\DRIVERS\vmnetadapter.sys (manual start)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
@%SystemRoot%\system32\drivers\volmgrx.sys,-100: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\DRIVERS\vsmraid.sys (manual start)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
@%SystemRoot%\System32\drivers\vwifibus.sys,-257: \SystemRoot\System32\drivers\vwifibus.sys (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Wacom Serial Pen HID Driver: \SystemRoot\system32\DRIVERS\wacompen.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32011: system32\DRIVERS\wanarp.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32012: system32\DRIVERS\wanarp.sys (system)
@%SystemRoot%\system32\Wat\WatUX.exe,-601: %SystemRoot%\system32\Wat\WatAdminSvc.exe (manual start)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%systemroot%\system32\wbiosrvc.dll,-100: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup (manual start)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Wd: \SystemRoot\system32\DRIVERS\wd.sys (manual start)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (manual start)
WFP Lightweight Filter: system32\DRIVERS\wfplwf.sys (system)
WIMMount: system32\drivers\wimmount.sys (manual start)
Windows Defender: %SystemRoot%\System32\svchost.exe -k secsvcs (manual start)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Windows Live ID Sign-in Assistant: "D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" (autostart)
Microsoft Windows Management Interface for ACPI: \SystemRoot\system32\drivers\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" (autostart)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
User Mode Driver Frameworks Platform Driver: system32\drivers\WudfPf.sys (manual start)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\System32\wwansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: D:\Windows\system32\webcheck.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 53.491 bytes
Report generated in 0,704 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Thank you
TmfeijoMMonroe
#5 By TmfeijoMMonr... 01/02/2012 - 15:55
Good afternoon!

Combofix?
Yes; but it has been a while. Every now and then I run it and other tools here on my own.

On that note. Look! I ran ToolbarShooter and it detected:

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
HKLM\SOFTWARE\Microsoft\RFC1156Agent
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}
HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}

Already removed:

=========== Informations ===========

Mis à jour le : 20/01/2012 à 19h45 par 2011N2
Rapport de suppression de ToolbarShooter par 2011N2
Contact : lot12@hotmail.fr
Site : http://2011n2.forumgratuit.fr/

Début du scan de suppression : 17:33:27

################################## Toolbars, pups et adwares néfastes supprimés ################################


Clé supprimée avec succès : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Clé supprimée avec succès : HKLM\SOFTWARE\Microsoft\RFC1156Agent
Clé supprimée avec succès : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé supprimée avec succès : HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}
Clé supprimée avec succès : HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}

======== Page de démarrage Internet Explorer ========

Page de démarrage d'Internet Explorer restaurée avec succès.

===================================

Fin du nettoyage : 17:40:27


======== EOF ========

Merci d'envoyer le rapport à cette adresse, en précisant la raison d'emploi de cet outil. Cela permettera au développeur d'effectuer d'éventuelles modifications : lot12@hotmail.fr

Merci de votre contribution !


L'ordinateur a été redémarré par l'utilisateur

Today I ran the same tool and it produced:

=========== Informations ===========

Mis à jour le : 20/01/2012 à 19h45 par 2011N2
Rapport de suppression de ToolbarShooter par 2011N2
Contact : lot12@hotmail.fr
Site : http://2011n2.forumgratuit.fr/

Début du scan de suppression : 15:54:53

################################## Toolbars, pups et adwares néfastes supprimés ################################


Clé supprimée avec succès : HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}
Clé supprimée avec succès : HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}

======== Page de démarrage Internet Explorer ========

Page de démarrage d'Internet Explorer restaurée avec succès.

===================================

Fin du nettoyage : 15:57:32


======== EOF ========

Merci d'envoyer le rapport à cette adresse, en précisant la raison d'emploi de cet outil. Cela permettera au développeur d'effectuer d'éventuelles modifications : lot12@hotmail.fr

Merci de votre contribution !

Meyer! As per PM:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Edson Luis at 22:35:11,85 on 02/02/2012
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.55.1033.18.512.91 [GMT -2:00]


============== Running Processes ===============

D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Windows\system32\SearchIndexer.exe
D:\Windows\system32\svchost.exe -k bthsvcs
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Users\Edson Luis\Downloads\dds.scr
D:\Windows\system32\conhost.exe
D:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title =
uStart Page = hxxp://google.fr
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ATIModeChange] Ati2mdxx.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - d:\users\edsonl~1\appdata\roaming\mozilla\firefox\profiles\4ulg3p0t.default\
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: d:\users\edson luis\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

============= SERVICES / DRIVERS ===============

R0 360HookOem;360HookOem;d:\windows\system32\drivers\360HookOem.sys [2011-5-20 54912]
R3 3xHybrid;SAA713x TV Card Service;d:\windows\system32\drivers\3xHybrid.sys [2010-12-1 1141888]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;d:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2012-02-02 13:49:19 -------- d-----w- d:\users\edsonl~1\appdata\local\{2559CF92-BF1D-4ED9-B35B-A0894213EA77}
2012-02-02 13:48:51 -------- d-----w- d:\users\edsonl~1\appdata\local\{CAFCCDE9-B088-41F2-8249-E179494368BB}
2012-02-02 01:48:10 -------- d-----w- d:\users\edsonl~1\appdata\local\{E7CF4866-4CCE-4E5A-8BAF-CFE6471CB1FA}
2012-02-02 01:47:43 -------- d-----w- d:\users\edsonl~1\appdata\local\{19AD467E-CBEC-4F8B-B1F2-0541B735B19C}
2012-02-01 13:47:00 -------- d-----w- d:\users\edsonl~1\appdata\local\{95BDBFFB-0E44-43C0-9D6C-6F577ED3C338}
2012-02-01 13:46:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{502DA006-73FC-4BE7-893C-213F4B3CC15A}
2012-02-01 00:19:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{FD050AFE-B7A8-4391-9502-11A09F6E0B9A}
2012-02-01 00:19:19 -------- d-----w- d:\users\edsonl~1\appdata\local\{43C81EAD-B550-4D6B-81C8-71A0CA60A051}
2012-01-31 12:18:25 -------- d-----w- d:\users\edsonl~1\appdata\local\{817B539E-DB1D-4002-85A2-791FD12F379D}
2012-01-31 12:18:09 -------- d-----w- d:\users\edsonl~1\appdata\local\{2C68D956-57A2-4462-AB4D-CE9BB383479E}
2012-01-31 00:07:24 -------- d-----w- d:\users\edsonl~1\appdata\local\{98D3595F-0D88-4AB6-B533-086F50B45DFF}
2012-01-31 00:06:57 -------- d-----w- d:\users\edsonl~1\appdata\local\{3223D91F-F956-4E1A-BB8A-238A5CD4BDA0}
2012-01-30 12:06:12 -------- d-----w- d:\users\edsonl~1\appdata\local\{2940A524-BFE2-4ACF-9396-F2BB5C39E017}
2012-01-30 12:05:58 -------- d-----w- d:\users\edsonl~1\appdata\local\{70F2761D-FDED-4EE1-8E3D-75890A86A839}
2012-01-29 15:13:00 -------- d-----w- d:\users\edsonl~1\appdata\local\{3CDFA7E1-D97E-42E8-B94D-D12BF9A770C7}
2012-01-29 15:12:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{69B24D2F-FE5E-4A33-8F36-ADF445524E2C}
2012-01-28 18:49:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{20AFA811-D4C6-4C86-B47D-EA9AA752C588}
2012-01-28 18:49:20 -------- d-----w- d:\users\edsonl~1\appdata\local\{BB658F41-3F7F-45EC-9AA9-C8B6FEB8BC3F}
2012-01-28 04:41:17 -------- d-----w- d:\users\edsonl~1\appdata\local\{B6BB52EF-06B1-40C1-AAEA-3A9E9F47CCF0}
2012-01-28 04:41:03 -------- d-----w- d:\users\edsonl~1\appdata\local\{92A58E2E-2D12-4699-BE3C-9B40FF5518D2}
2012-01-27 14:57:43 -------- d-----w- d:\windows\Options
2012-01-27 14:46:58 12984 ----a-w- d:\windows\system32\drivers\SWDUMon.sys
2012-01-27 14:45:00 -------- d-----w- d:\program files\Downloaded Installers
2012-01-27 14:10:51 -------- d-----w- d:\users\edsonl~1\appdata\local\{7E5A7C2F-1D15-4253-AEED-E48B1C577CEE}
2012-01-27 14:10:38 -------- d-----w- d:\users\edsonl~1\appdata\local\{7933B215-A7E1-49EE-8315-4DF4CB85B594}
2012-01-26 22:59:23 -------- d-----w- d:\users\edsonl~1\appdata\local\{70E95F88-BA92-4B80-9F31-FD9AF17C2EB2}
2012-01-26 22:58:59 -------- d-----w- d:\users\edsonl~1\appdata\local\{F1EFF39F-25FD-4772-AAA3-5EA19BD7E3B6}
2012-01-25 23:34:16 -------- d-----w- d:\users\edsonl~1\appdata\local\{D820ABA2-0336-47B3-8B13-52EA69297BA9}
2012-01-25 23:33:52 -------- d-----w- d:\users\edsonl~1\appdata\local\{410C24E2-5E81-4AAD-B72E-4E475694C7FC}
2012-01-25 11:33:07 -------- d-----w- d:\users\edsonl~1\appdata\local\{1CE13015-38CF-4ED7-AD75-DD85D04131F6}
2012-01-25 11:32:52 -------- d-----w- d:\users\edsonl~1\appdata\local\{0646F0A7-7CBB-43CE-B56C-6E7B31D7FB0F}
2012-01-24 13:24:51 -------- d-----w- d:\users\edsonl~1\appdata\local\{53A8B33F-3C03-43D7-9435-C4A5072F8405}
2012-01-24 13:24:34 -------- d-----w- d:\users\edsonl~1\appdata\local\{A1EBE785-2F51-4BF9-8EEF-F1143AE51888}
2012-01-24 01:04:46 -------- d-----w- d:\users\edsonl~1\appdata\local\{05C7497B-BA4F-465F-A93A-9D878ADC59BE}
2012-01-24 01:04:21 -------- d-----w- d:\users\edsonl~1\appdata\local\{25B5FAC0-31C6-4BAD-BB1C-23DAEC5BC6A0}
2012-01-23 13:03:42 -------- d-----w- d:\users\edsonl~1\appdata\local\{C05BF261-288C-47B3-99BD-F523A8295375}
2012-01-23 13:03:23 -------- d-----w- d:\users\edsonl~1\appdata\local\{4B726A58-4CA3-4831-B97F-BC04A771C51B}
2012-01-22 13:14:17 -------- d-----w- d:\users\edsonl~1\appdata\local\{59AAAC5F-7BB5-4B10-8C53-6206747D2535}
2012-01-22 13:14:05 -------- d-----w- d:\users\edsonl~1\appdata\local\{F2F57837-B315-4274-806B-8ADD3434BE9A}
2012-01-21 23:29:14 -------- d-----w- d:\program files\Panda Security
2012-01-21 23:29:14 -------- d-----w- d:\progra~2\Panda Security
2012-01-21 17:37:03 -------- d-----w- d:\users\edsonl~1\appdata\local\{FA1A2654-093D-4D0D-965F-051B6152314E}
2012-01-21 17:36:34 -------- d-----w- d:\users\edsonl~1\appdata\local\{D2D26D10-84A1-40AF-B714-A2282D7D85D4}
2012-01-21 02:32:31 6557240 ----a-w- d:\progra~2\microsoft\microsoft antimalware\definition updates\{fbdb3ae3-4c48-47af-ad96-1d4fa215c4d1}\mpengine.dll
2012-01-20 14:33:20 -------- d-----w- d:\users\edsonl~1\appdata\local\{7F30A6EA-C9BC-4E61-B3FF-C1308B7D1A66}
2012-01-20 14:33:06 -------- d-----w- d:\users\edsonl~1\appdata\local\{F503E5BE-D4CB-487A-A1A4-F805DECBA79F}
2012-01-19 22:46:11 -------- d-----w- d:\users\edsonl~1\appdata\local\{D9929F69-F21A-4DC1-ACAB-A4886947CDF6}
2012-01-19 22:45:46 -------- d-----w- d:\users\edsonl~1\appdata\local\{C0BAC971-3EDB-448D-8536-08A021B3470F}
2012-01-19 01:12:04 -------- d-----w- d:\users\edsonl~1\appdata\local\{CAD0EDCE-BC66-4766-A9AD-DE511B52C3B4}
2012-01-19 01:11:35 -------- d-----w- d:\users\edsonl~1\appdata\local\{A1B4540B-9407-4256-8C86-8463BD32B4D5}
2012-01-18 13:10:50 -------- d-----w- d:\users\edsonl~1\appdata\local\{CE962673-649F-41CB-82A2-3130F7D75718}
2012-01-18 13:10:24 -------- d-----w- d:\users\edsonl~1\appdata\local\{C2EC88B3-5AEB-4B1B-9196-AE5FF0FB4890}
2012-01-18 01:09:33 -------- d-----w- d:\users\edsonl~1\appdata\local\{DBA127D7-D300-4CC5-96B3-979FDC179790}
2012-01-18 01:09:07 -------- d-----w- d:\users\edsonl~1\appdata\local\{66C0E18A-3503-4C13-AC9A-7C1C03CE42AE}
2012-01-17 13:08:17 -------- d-----w- d:\users\edsonl~1\appdata\local\{739497BA-3FA7-4C67-95C0-4E377EAAB5CA}
2012-01-17 13:07:49 -------- d-----w- d:\users\edsonl~1\appdata\local\{49965A43-AFBB-4311-903F-9E96E02210D4}
2012-01-16 12:26:07 -------- d-----w- d:\users\edsonl~1\appdata\local\{C82549BA-C21F-47AF-99DF-5B017F389651}
2012-01-16 12:25:39 -------- d-----w- d:\users\edsonl~1\appdata\local\{2A495648-B8C6-41B8-90DA-F549277B9034}
2012-01-16 00:07:39 -------- d-----w- d:\users\edsonl~1\appdata\local\{FACC492B-ABDE-4A48-A2C5-6971FE76F8D3}
2012-01-16 00:06:57 -------- d-----w- d:\users\edsonl~1\appdata\local\{9012E138-ABBC-4773-B325-C4A70B9B6215}
2012-01-15 12:06:29 -------- d-----w- d:\users\edsonl~1\appdata\local\{80F9D1E9-7BE7-43F7-99FB-480358BD71A7}
2012-01-15 12:06:01 -------- d-----w- d:\users\edsonl~1\appdata\local\{A14DB6D2-A833-4E15-91DE-78EAF3195588}
2012-01-14 12:58:57 -------- d-----w- d:\users\edsonl~1\appdata\local\{0F62B125-BDEB-4458-9D91-4866423F7A5B}
2012-01-14 12:58:33 -------- d-----w- d:\users\edsonl~1\appdata\local\{854FE8C4-CCDD-4C49-9CC2-E75D9FCA6E19}
2012-01-14 01:28:48 224768 ----a-w- d:\windows\system32\schannel.dll
2012-01-14 01:28:47 67440 ----a-w- d:\windows\system32\drivers\ksecdd.sys
2012-01-14 01:28:47 369352 ----a-w- d:\windows\system32\drivers\cng.sys
2012-01-14 01:28:47 134000 ----a-w- d:\windows\system32\drivers\ksecpkg.sys
2012-01-14 01:28:47 1038848 ----a-w- d:\windows\system32\lsasrv.dll
2012-01-14 01:28:46 314880 ----a-w- d:\windows\system32\webio.dll
2012-01-14 01:28:46 22528 ----a-w- d:\windows\system32\lsass.exe
2012-01-14 01:28:46 100352 ----a-w- d:\windows\system32\sspicli.dll
2012-01-14 01:28:45 22016 ----a-w- d:\windows\system32\secur32.dll
2012-01-14 01:28:45 15872 ----a-w- d:\windows\system32\sspisrv.dll
2012-01-13 23:56:25 -------- d-----w- d:\users\edsonl~1\appdata\local\{A14B7616-E828-4865-BF76-510A9A4D3A40}
2012-01-13 23:55:56 -------- d-----w- d:\users\edsonl~1\appdata\local\{9015FF88-5632-4BA3-8B64-C521BE3CAEF4}
2012-01-13 11:51:46 -------- d-----w- d:\users\edsonl~1\appdata\local\{8831B365-0C42-4355-8BDC-BE7C37007DF3}
2012-01-13 11:50:25 -------- d-----w- d:\users\edsonl~1\appdata\local\{5ABFBEC1-6BCE-4A28-8436-D757FA439B27}
2012-01-12 23:49:33 -------- d-----w- d:\users\edsonl~1\appdata\local\{F043508F-E4B4-47A6-B2DF-0147A91C2EF5}
2012-01-12 23:48:53 -------- d-----w- d:\users\edsonl~1\appdata\local\{EF855C45-9974-4832-97F1-314CC44F58E6}
2012-01-12 11:42:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{B98B8AF2-3283-4621-A0E7-14839A3E222C}
2012-01-12 11:42:20 -------- d-----w- d:\users\edsonl~1\appdata\local\{B0F20516-0C14-434D-AE79-CE5A2586039D}
2012-01-11 13:54:54 1288472 ----a-w- d:\windows\system32\ntdll.dll
2012-01-11 13:54:49 67072 ----a-w- d:\windows\system32\packager.dll
2012-01-11 13:54:42 1328128 ----a-w- d:\windows\system32\quartz.dll
2012-01-11 13:54:40 514560 ----a-w- d:\windows\system32\qdvd.dll
2012-01-11 13:46:02 -------- d-----w- d:\users\edsonl~1\appdata\local\{ED0DBAFF-2770-4D8E-981E-ADE1D35CAC21}
2012-01-11 13:45:49 -------- d-----w- d:\users\edsonl~1\appdata\local\{B0ADB01F-59FA-48E6-8010-972B7A49D30A}
2012-01-11 01:33:39 -------- d-----w- d:\users\edsonl~1\appdata\local\{4EBE1C99-1DCC-4715-A7DA-32FAF590A88E}
2012-01-11 01:33:15 -------- d-----w- d:\users\edsonl~1\appdata\local\{54C52117-13AB-4428-97CC-D0F4988C28C4}
2012-01-10 13:32:26 -------- d-----w- d:\users\edsonl~1\appdata\local\{3043E01F-5355-4EAF-BB09-4A52616B8631}
2012-01-10 13:31:36 -------- d-----w- d:\users\edsonl~1\appdata\local\{6ECF3626-7440-432A-9DC5-7D64685D9BAE}
2012-01-09 10:19:04 -------- d-----w- d:\users\edsonl~1\appdata\local\{19AD5B66-9D2D-4418-BE76-C5D0AEF1CA90}
2012-01-09 10:18:35 -------- d-----w- d:\users\edsonl~1\appdata\local\{8DCA97BB-02C7-4CE5-B2B3-C62862BAB4F5}
2012-01-08 19:12:12 -------- d-----w- d:\program files\Anvisoft
2012-01-08 13:02:13 -------- d-----w- d:\users\edsonl~1\appdata\local\{78F626FA-2F89-4C6F-8F50-0E3F29C40A56}
2012-01-08 13:01:59 -------- d-----w- d:\users\edsonl~1\appdata\local\{84A4E232-3468-4941-AEBE-2D9E3018AD90}
2012-01-08 00:01:33 -------- d-----w- d:\users\edsonl~1\appdata\local\{C1807CCE-5774-4CA9-9D90-9A40655BAC28}
2012-01-08 00:01:05 -------- d-----w- d:\users\edsonl~1\appdata\local\{6E2DDE14-5379-412D-96A2-1E789EA06C27}
2012-01-07 11:59:51 -------- d-----w- d:\users\edsonl~1\appdata\local\{99CD1497-0767-43E3-A2C4-B9530B29DEFE}
2012-01-07 11:59:26 -------- d-----w- d:\users\edsonl~1\appdata\local\{8308AF35-E865-406C-8FD3-B6151E17E2D2}
2012-01-06 12:42:39 -------- d-----w- d:\users\edsonl~1\appdata\local\{2A7E4CC6-9EE3-4E42-8943-7A5BEC5E9FCA}
2012-01-06 12:42:24 -------- d-----w- d:\users\edsonl~1\appdata\local\{59770C3A-557C-4632-A8D2-C7899969FCEC}
2012-01-05 12:46:11 -------- d-----w- d:\users\edsonl~1\appdata\local\{431692D2-76F0-4DE2-AF6B-C090B8797F2E}
2012-01-05 12:45:57 -------- d-----w- d:\users\edsonl~1\appdata\local\{0D444216-90CE-4149-B735-CEC45F33873F}
2012-01-04 21:14:56 -------- d-----w- d:\users\edsonl~1\appdata\local\{EFACEBA0-C1B5-4A09-A1E1-2F59A544A492}
2012-01-04 21:14:42 -------- d-----w- d:\users\edsonl~1\appdata\local\{85874033-826A-4555-94D5-0F83D4FEAF75}
2012-01-04 01:03:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{6C9B2CF5-3D26-4C44-8813-9FA3CA82A6A0}
2012-01-04 01:02:52 -------- d-----w- d:\users\edsonl~1\appdata\local\{B346ABE7-9930-469F-823A-63ADCAE7AC94}

==================== Find3M ====================

2011-11-24 04:25:27 2342912 ----a-w- d:\windows\system32\win32k.sys
2011-11-14 19:06:21 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:26:03 2048 ----a-w- d:\windows\system32\tzres.dll

============= FINISH: 22:39:09,18 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 29/01/2011 22:13:48
System Uptime: 02/02/2012 18:28:42 (4 hours ago)

Motherboard: ECS | | M825G
Processor: AMD Sempron(tm) 2400+ | Socket-A | 1666/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 17 GiB total, 12,895 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 17,594 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&18D45AA6&0&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&18D45AA6&0&8E
Service:

==== System Restore Points ===================

RP532: 31/01/2012 00:36:19 - LCCD PS SA CD
RP533: 01/02/2012 17:40:49 - LCCD PS SA CD 2061 CD

==== Installed Programs ======================

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.0.1) - Português
Adobe Reader X (10.1.2) - Português
Adobe Shockwave Player 11.6
ATI - Software Uninstall Utility
ATI Display Driver
CCleaner
D3DX10
Gadwin PrintScreen
Google Chrome
Java(TM) SE Development Kit 7 Update 1
LibreOffice 3.3
Malwarebytes Anti-Malware versão 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 10.0 (x86 pt-BR)
MSVCRT
Opera 11.61
Panda Cloud Antivirus
Revo Uninstaller 1.92
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VIA Rhine Family Fast Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Internet Explorer Platform Preview
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin

==== End Of File ===========================

Regards
#6 By TmfeijoMMonr... 29/02/2012 - 13:20
Good afternoon, ladies and gentlemen!

Could any analyst continue with / make use of this thread of mine (so we can reuse it)?

Now the system freezes right at the start of boot, still on the initial black screen, the one with the words "settings windows".

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:11:33, on 29/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Users\Edson Luis\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PSUNMain] "D:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\Windows\system32\Ati2evxx.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - D:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

--
End of file - 2387 bytes

DDS (Ver_10-12-12.02) - NTFSx86
Run by Edson Luis at 13:12:19,93 on 29/02/2012
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.55.1033.18.512.90 [GMT -3:00]


============== Running Processes ===============

D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
D:\Windows\System32\svchost.exe -k swprv
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Windows\system32\SearchIndexer.exe
D:\Windows\system32\svchost.exe -k bthsvcs
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Users\Edson Luis\Downloads\HijackThis.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Users\Edson Luis\Downloads\dds.scr
D:\Windows\system32\conhost.exe
D:\Windows\system32\consent.exe
D:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.fr
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [PSUNMain] "d:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - d:\users\edsonl~1\appdata\roaming\mozilla\firefox\profiles\4ulg3p0t.default\
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

============= SERVICES / DRIVERS ===============

R0 360HookOem;360HookOem;d:\windows\system32\drivers\360HookOem.sys [2011-5-20 54912]
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2011-5-2 64512]
R1 MpFilter;Microsoft Malware Protection Driver;d:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 PSINKNC;PSINKNC;d:\windows\system32\drivers\PSINKNC.sys [2011-11-23 126216]
R2 PSINAflt;PSINAflt;d:\windows\system32\drivers\PSINAflt.sys [2012-1-5 144136]
R2 PSINFile;PSINFile;d:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]
R2 PSINProc;PSINProc;d:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]
R2 PSINProt;PSINProt;d:\windows\system32\drivers\PSINProt.sys [2011-11-30 112904]
R3 3xHybrid;SAA713x TV Card Service;d:\windows\system32\drivers\3xHybrid.sys [2010-12-1 1141888]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;d:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;d:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;d:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]
S3 SWDUMon;SWDUMon;d:\windows\system32\drivers\SWDUMon.sys [2012-1-27 12984]
S3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]

=============== Created Last 30 ================

2012-02-29 15:47:05 -------- d-----w- d:\users\edsonl~1\appdata\local\{45B04892-75C6-4F5D-B9C2-9567EA13001F}
2012-02-29 15:46:39 -------- d-----w- d:\users\edsonl~1\appdata\local\{556B3BB1-83BE-4FCA-8D80-35EB598DA10E}
2012-02-29 13:30:03 -------- d-----w- d:\users\edsonl~1\appdata\local\{6C578BE1-60F8-4523-9FD3-B2FFAC6D7114}
2012-02-29 13:29:38 -------- d-----w- d:\users\edsonl~1\appdata\local\{19BC3878-94EA-48F7-B03F-4884CA9D553F}
2012-02-29 00:45:48 -------- d-----w- d:\users\edsonl~1\appdata\local\{24613939-436B-42DD-864C-B7913664125A}
2012-02-29 00:45:23 -------- d-----w- d:\users\edsonl~1\appdata\local\{C5E36556-B92C-4A51-8267-E775D984112C}
2012-02-28 20:05:05 57344 ----a-w- d:\windows\system32\Signet32.dll
2012-02-28 20:05:05 570128 ----a-w- d:\program files\common files\microsoft shared\dao\DAO350.DLL
2012-02-28 20:05:05 24848 ----a-w- d:\windows\system32\Msjter35.dll
2012-02-28 20:05:05 24576 ----a-w- d:\windows\system32\Sorcrc32.dll
2012-02-28 20:05:05 123664 ----a-w- d:\windows\system32\Msjint35.dll
2012-02-28 20:05:05 1046288 ----a-w- d:\windows\system32\Msjet35.dll
2012-02-28 20:05:04 415504 ----a-w- d:\windows\system32\Msrepl35.dll
2012-02-28 20:05:04 379152 ----a-w- d:\windows\system32\temp.00D
2012-02-28 20:05:04 30992 ----a-w- d:\windows\system32\temp.00E
2012-02-28 20:05:04 252176 ----a-w- d:\windows\system32\Msrd2x35.dll
2012-02-28 20:05:03 249856 ----a-w- d:\windows\system32\Todgub7.dll
2012-02-28 20:05:00 527808 ----a-w- d:\windows\system32\temp.00C
2012-02-28 20:04:59 1386496 ----a-w- d:\windows\system32\temp.00B
2012-02-28 20:04:58 598288 ----a-w- d:\windows\system32\temp.00A
2012-02-28 20:04:58 326656 ----a-w- d:\windows\system32\temp.008
2012-02-28 20:04:58 164112 ----a-w- d:\windows\system32\temp.009
2012-02-28 20:04:57 6144 ----a-w- d:\windows\system32\temp.004
2012-02-28 20:04:54 -------- d-----w- D:\Arquivos de Programas RFB
2012-02-28 14:24:31 -------- d-----w- d:\program files\common files\Wise Installation Wizard
2012-02-28 12:44:33 -------- d-----w- d:\users\edsonl~1\appdata\local\{8534367C-1720-4D29-AE09-067256D2D282}
2012-02-28 12:44:06 -------- d-----w- d:\users\edsonl~1\appdata\local\{8AC5F0A0-5328-43BC-8136-4051F1937BD1}
2012-02-27 13:32:46 -------- d-----w- d:\users\edsonl~1\appdata\local\{483FD38C-11DF-44B2-8485-C53D5BFD2546}
2012-02-27 13:32:22 -------- d-----w- d:\users\edsonl~1\appdata\local\{B0F8E45A-6CF3-4EC2-89A8-88D702EADC1C}
2012-02-26 21:37:11 -------- d-----w- d:\windows\system32\wbem\repository
2012-02-26 17:23:06 -------- d-----w- d:\users\edsonl~1\appdata\local\temp
2012-02-26 14:41:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{178D979A-921F-45FB-9BF2-F6F49E2D6013}
2012-02-26 14:41:34 -------- d-----w- d:\users\edsonl~1\appdata\local\{B642E815-506C-45CD-B07F-94A9ABBF8B55}
2012-02-25 14:28:18 -------- d-----w- d:\users\edsonl~1\appdata\local\{45B23627-FC8C-47B3-A4E6-07B79F7C45EC}
2012-02-25 14:28:03 -------- d-----w- d:\users\edsonl~1\appdata\local\{AD4EA220-0997-4D55-A62E-B2F75AB4E473}
2012-02-24 22:48:09 -------- d-----w- d:\program files\Programas RFB
2012-02-24 17:20:27 -------- d-----w- d:\users\edson luis\.receitanet
2012-02-24 17:17:37 -------- d-----w- D:\gravadas
2012-02-24 16:07:26 -------- d-----w- d:\users\edsonl~1\appdata\local\{97D7869D-DCB5-4A38-A9AA-1DC96995EF40}
2012-02-24 16:07:02 -------- d-----w- d:\users\edsonl~1\appdata\local\{E662823B-B5C1-4D38-BBBE-43F8DAA5552C}
2012-02-24 14:45:09 -------- d-----w- D:\aplicacao
2012-02-24 14:42:43 455168 ----a-w- D:\IRPF2012.exe
2012-02-24 14:42:41 -------- d-----w- D:\tutorial
2012-02-24 14:42:38 -------- d-----w- D:\lib
2012-02-24 04:06:16 -------- d-----w- d:\users\edsonl~1\appdata\local\{99EFA81C-4B1A-4ABD-A907-D9500B8D1B08}
2012-02-24 04:05:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{1DAF406E-3691-482B-9E5E-0721537478A4}
2012-02-24 00:58:33 -------- d-----w- d:\users\edsonl~1\appdata\local\{539FBA8F-DB6A-4D37-B0CE-A85299DA13E6}
2012-02-24 00:58:18 -------- d-----w- d:\users\edsonl~1\appdata\local\{7B89AC10-3951-499B-B5CA-55276D07B862}
2012-02-23 12:57:42 -------- d-----w- d:\users\edsonl~1\appdata\local\{01AC9118-E84B-41E4-B361-EE5650628F30}
2012-02-23 12:57:19 -------- d-----w- d:\users\edsonl~1\appdata\local\{D8343DD2-BE2C-4CA0-A528-0D9108BCDD29}
2012-02-23 00:27:27 -------- d-----w- d:\users\edsonl~1\appdata\local\{4A567633-5A65-47CF-A66B-D3EF024B2AF4}
2012-02-23 00:27:00 -------- d-----w- d:\users\edsonl~1\appdata\local\{5E92DFD4-0743-44C5-B14D-06536E575262}
2012-02-22 12:26:31 -------- d-----w- d:\users\edsonl~1\appdata\local\{6705FC58-41FF-41CC-BCA7-1E1A8DF02AD6}
2012-02-22 12:26:17 -------- d-----w- d:\users\edsonl~1\appdata\local\{B9F94D79-7DF2-4B3D-A430-A2B843C74BAA}
2012-02-20 13:12:29 -------- d-----w- d:\users\edsonl~1\appdata\local\{96CDC4A4-2E80-4D0F-B61E-2338A4CF12BA}
2012-02-20 13:12:15 -------- d-----w- d:\users\edsonl~1\appdata\local\{C458B14E-B31C-4976-A49C-F31288E17BC3}
2012-02-19 12:08:28 -------- d-----w- d:\users\edsonl~1\appdata\local\{239B4A26-1A52-44E6-9795-D13D0F7198B2}
2012-02-19 12:07:59 -------- d-----w- d:\users\edsonl~1\appdata\local\{074411E8-A2A9-452D-AE6B-55357541E7E0}
2012-02-18 23:55:58 -------- d-----w- d:\users\edsonl~1\appdata\local\{646EB8F1-9CEE-4140-A8DC-0087417AB1DC}
2012-02-18 23:55:45 -------- d-----w- d:\users\edsonl~1\appdata\local\{C7B5CEDB-97C0-425D-AE2E-458E59FFA3EE}
2012-02-18 11:35:29 -------- d-----w- d:\users\edsonl~1\appdata\local\{720499A6-8203-46E1-AA0D-F52C949DCFE1}
2012-02-18 11:35:14 -------- d-----w- d:\users\edsonl~1\appdata\local\{DA0DA9B7-3E26-4760-BA82-C99C0B629BDD}
2012-02-17 13:02:44 -------- d-----w- d:\users\edsonl~1\appdata\local\{63AC5FCA-6BD8-4C88-BEC3-D14998533DC1}
2012-02-17 13:02:30 -------- d-----w- d:\users\edsonl~1\appdata\local\{7BC79F53-7595-486D-86EA-2AFDE7359E62}
2012-02-16 23:42:13 -------- d-----w- d:\users\edsonl~1\appdata\local\{349C464B-676F-4624-ACF7-7108FF904498}
2012-02-16 23:41:46 -------- d-----w- d:\users\edsonl~1\appdata\local\{4A802FB7-F8AB-4088-ADAB-708EA5A536D8}
2012-02-16 11:36:02 -------- d-----w- d:\users\edsonl~1\appdata\local\{EFFF89C9-BEF1-4B20-AD4A-83D642F985F7}
2012-02-16 11:35:38 -------- d-----w- d:\users\edsonl~1\appdata\local\{2AF6FF89-B79C-4E6C-B153-B2D34F997F4C}
2012-02-15 14:09:09 -------- d-----w- d:\users\edsonl~1\appdata\local\{E7FD2C48-2CDB-4601-BA4E-37ED93A95422}
2012-02-15 14:08:33 -------- d-----w- d:\users\edsonl~1\appdata\local\{6C45D20E-2D18-4EED-8165-96A8972F1048}
2012-02-15 13:19:08 478720 ----a-w- d:\windows\system32\timedate.cpl
2012-02-15 13:18:59 442880 ----a-w- d:\windows\system32\ntshrui.dll
2012-02-15 13:18:55 690688 ----a-w- d:\windows\system32\msvcrt.dll
2012-02-15 13:18:40 2343424 ----a-w- d:\windows\system32\win32k.sys
2012-02-15 02:07:46 -------- d-----w- d:\users\edsonl~1\appdata\local\{0D56B8F8-A075-4FFF-A315-608B9CE6872D}
2012-02-15 02:07:20 -------- d-----w- d:\users\edsonl~1\appdata\local\{D0A04DA5-E39E-49ED-A505-833D7CE1C622}
2012-02-14 14:37:27 -------- d-----w- d:\users\edsonl~1\appdata\roaming\FixBee
2012-02-14 14:06:24 -------- d-----w- d:\users\edsonl~1\appdata\local\{E4FBD034-1300-49CA-8665-24E31069EFDB}
2012-02-14 14:06:09 -------- d-----w- d:\users\edsonl~1\appdata\local\{B45111A5-B4F5-486A-9695-AEC8B39EEF0A}
2012-02-14 00:20:37 -------- d-----w- d:\users\edsonl~1\appdata\local\{2F923967-E165-4C9F-AA17-FF1FB12BE1B8}
2012-02-14 00:20:22 -------- d-----w- d:\users\edsonl~1\appdata\local\{5ACC8B3E-4B97-423E-9D71-720FCB555B58}
2012-02-13 12:12:28 -------- d-----w- d:\users\edsonl~1\appdata\local\{D60882EF-58C3-45D0-A3E5-B6329B774BC0}
2012-02-13 12:12:15 -------- d-----w- d:\users\edsonl~1\appdata\local\{ED867097-438B-462D-962B-101146B42DBB}
2012-02-13 00:00:36 -------- d-----w- d:\users\edsonl~1\appdata\local\{8BECE84C-5B2C-47C1-A0E0-986CEC82322F}
2012-02-13 00:00:12 -------- d-----w- d:\users\edsonl~1\appdata\local\{ADD474C0-A8AF-4764-ABF0-64270A626DE4}
2012-02-12 11:59:38 -------- d-----w- d:\users\edsonl~1\appdata\local\{401DE972-81F1-4ACA-9F3F-0BBA332E4826}
2012-02-12 11:59:21 -------- d-----w- d:\users\edsonl~1\appdata\local\{F08D7396-AA69-450A-8756-ADE1722C3CB2}
2012-02-11 23:39:19 -------- d-----w- d:\users\edsonl~1\appdata\local\{0E8BDEEC-AECB-4EBE-A7DD-6057AF6B52B5}
2012-02-11 23:38:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{A62DEA5A-036D-418A-8E03-D59B42F89282}
2012-02-11 11:38:02 -------- d-----w- d:\users\edsonl~1\appdata\local\{2E671AF3-D0E8-4B56-9CFA-875AE65C5074}
2012-02-11 11:37:46 -------- d-----w- d:\users\edsonl~1\appdata\local\{49B32391-E35D-4D1A-BE97-552041B868BF}
2012-02-10 13:39:29 -------- d-----w- d:\users\edsonl~1\appdata\local\{A3B48908-6F11-49C4-9E18-B45C26A7C0B3}
2012-02-10 13:39:10 -------- d-----w- d:\users\edsonl~1\appdata\local\{C1FE37E5-C51A-4CA6-AD24-C2E48AB6158C}
2012-02-09 16:00:09 -------- d-----w- d:\users\edsonl~1\appdata\local\{498687CA-7B81-4145-BB18-0D93C511D057}
2012-02-09 15:59:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{99385A2B-0D90-4E02-8166-174EBA97D646}
2012-02-09 00:47:39 -------- d-----w- d:\users\edsonl~1\appdata\local\{4285BC65-29F3-46FE-A075-CB68F2ACAE90}
2012-02-09 00:47:12 -------- d-----w- d:\users\edsonl~1\appdata\local\{07229329-0763-430E-9615-99BFC4112A74}
2012-02-08 12:46:39 -------- d-----w- d:\users\edsonl~1\appdata\local\{9D39A0F9-3E30-4070-B9E6-5A4EA36D85CC}
2012-02-08 12:46:15 -------- d-----w- d:\users\edsonl~1\appdata\local\{D05A1431-62EC-458B-97BE-094AFAC8ACF5}
2012-02-08 00:45:28 -------- d-----w- d:\users\edsonl~1\appdata\local\{11CB5449-4BFD-4B32-A522-0069739B5499}
2012-02-08 00:45:16 -------- d-----w- d:\users\edsonl~1\appdata\local\{C492C75C-5155-4E9B-9ACD-FAB4740368C3}
2012-02-08 00:36:55 -------- d-----w- d:\users\edsonl~1\appdata\local\{35836B1D-894D-4965-8355-0CDFCF0581C8}
2012-02-08 00:36:30 -------- d-----w- d:\users\edsonl~1\appdata\local\{79415E5A-F720-40B3-980E-BD5050D1158B}
2012-02-07 12:35:51 -------- d-----w- d:\users\edsonl~1\appdata\local\{71A6BA62-BEE4-4609-9F59-F1E47C6C82CE}
2012-02-07 12:35:19 -------- d-----w- d:\users\edsonl~1\appdata\local\{6F3DEC2B-860C-4393-AADB-26C4A0D1E016}
2012-02-06 20:30:21 -------- d-----w- d:\users\edsonl~1\appdata\local\{D057B634-8E51-46A4-925B-D8ED538DE5BC}
2012-02-06 20:29:55 -------- d-----w- d:\users\edsonl~1\appdata\local\{2670119A-274E-4A00-9938-3F2A7F9E27CC}
2012-02-06 00:35:29 -------- d-----w- d:\users\edsonl~1\appdata\local\{C50B6678-2BCD-4178-8F06-F810F708D9EF}
2012-02-06 00:35:05 -------- d-----w- d:\users\edsonl~1\appdata\local\{0AC73F15-6B52-41D3-A571-2FAF543441BE}
2012-02-05 12:34:31 -------- d-----w- d:\users\edsonl~1\appdata\local\{9B1C2EE2-F8BB-4CA7-A78B-D7D35AC953E0}
2012-02-05 12:34:13 -------- d-----w- d:\users\edsonl~1\appdata\local\{3002CBA9-08C7-47CB-8D02-8BCE7A53C181}
2012-02-05 00:20:16 -------- d-----w- d:\users\edsonl~1\appdata\local\{8DF42F66-CF35-4AE0-ABB8-940EAB3FF5C0}
2012-02-05 00:19:45 -------- d-----w- d:\users\edsonl~1\appdata\local\{2DDA1660-F592-4BED-B1FC-766DCFD143A8}
2012-02-04 12:19:11 -------- d-----w- d:\users\edsonl~1\appdata\local\{FAFF1566-F821-425F-93E7-68B5638929CA}
2012-02-04 12:18:58 -------- d-----w- d:\users\edsonl~1\appdata\local\{A88BCC53-3E28-4D34-9623-C8C9A2C8B9CD}
2012-02-03 13:51:19 -------- d-----w- d:\users\edsonl~1\appdata\local\{7B30DF77-8772-4866-BCB0-39A9EBD738CA}
2012-02-03 13:50:54 -------- d-----w- d:\users\edsonl~1\appdata\local\{94A9F7C9-2E29-4DAB-BD0C-3FBA7C27CA2F}
2012-02-03 01:50:19 -------- d-----w- d:\users\edsonl~1\appdata\local\{40E8BD32-765C-460A-87E1-D6B811F26590}
2012-02-03 01:49:52 -------- d-----w- d:\users\edsonl~1\appdata\local\{08A8B483-1973-409F-AA37-80E3F2E73DDA}
2012-02-02 13:49:19 -------- d-----w- d:\users\edsonl~1\appdata\local\{2559CF92-BF1D-4ED9-B35B-A0894213EA77}
2012-02-02 13:48:51 -------- d-----w- d:\users\edsonl~1\appdata\local\{CAFCCDE9-B088-41F2-8249-E179494368BB}
2012-02-02 01:48:10 -------- d-----w- d:\users\edsonl~1\appdata\local\{E7CF4866-4CCE-4E5A-8BAF-CFE6471CB1FA}
2012-02-02 01:47:43 -------- d-----w- d:\users\edsonl~1\appdata\local\{19AD467E-CBEC-4F8B-B1F2-0541B735B19C}
2012-02-01 13:47:00 -------- d-----w- d:\users\edsonl~1\appdata\local\{95BDBFFB-0E44-43C0-9D6C-6F577ED3C338}
2012-02-01 13:46:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{502DA006-73FC-4BE7-893C-213F4B3CC15A}
2012-02-01 00:19:47 -------- d-----w- d:\users\edsonl~1\appdata\local\{FD050AFE-B7A8-4391-9502-11A09F6E0B9A}
2012-02-01 00:19:19 -------- d-----w- d:\users\edsonl~1\appdata\local\{43C81EAD-B550-4D6B-81C8-71A0CA60A051}
2012-01-31 12:18:25 -------- d-----w- d:\users\edsonl~1\appdata\local\{817B539E-DB1D-4002-85A2-791FD12F379D}
2012-01-31 12:18:09 -------- d-----w- d:\users\edsonl~1\appdata\local\{2C68D956-57A2-4462-AB4D-CE9BB383479E}
2012-01-31 00:07:24 -------- d-----w- d:\users\edsonl~1\appdata\local\{98D3595F-0D88-4AB6-B533-086F50B45DFF}
2012-01-31 00:06:57 -------- d-----w- d:\users\edsonl~1\appdata\local\{3223D91F-F956-4E1A-BB8A-238A5CD4BDA0}

==================== Find3M ====================

2011-12-14 03:04:54 1798656 ----a-w- d:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- d:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- d:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- d:\windows\system32\mshtml.tlb

============= FINISH: 13:15:47,36 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 29/01/2011 22:13:48
System Uptime: 29/02/2012 12:44:25 (1 hours ago)

Motherboard: ECS | | M825G
Processor: AMD Sempron(tm) 2400+ | Socket-A | 1666/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 17 GiB total, 12,895 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 17,151 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&18D45AA6&0&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_4C211543&REV_80\3&18D45AA6&0&8E
Service:

==== System Restore Points ===================

RP650: 26/02/2012 18:50:45 - LCCD PS SA AT
RP651: 27/02/2012 10:47:50 - LCCD
RP653: 27/02/2012 21:27:03 - Revo Uninstaller's restore point - NoVirusThanks Uploader 2.4.3.1
RP654: 28/02/2012 23:18:14 - LCCD PS SA AT

==== Installed Programs ======================

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.0.1) - Português
Adobe Reader X (10.1.2) - Português
Adobe Shockwave Player 11.6
ATI - Software Uninstall Utility
ATI Display Driver
CCleaner
D3DX10
Gadwin PrintScreen
Google Chrome
Java Auto Updater
Java(TM) 6 Update 31
LibreOffice 3.3
Malwarebytes Anti-Malware versão 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 10.0.2 (x86 pt-BR)
MSVCRT
Opera 11.61
Panda Cloud Antivirus
Receitanet
Revo Uninstaller 1.92
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VIA Rhine Family Fast Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Internet Explorer Platform Preview
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin

==== Event Viewer Messages From Past Week ========

29/02/2012 13:15:57, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: Access is denied.

==== End Of File ===========================




Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Panda Cloud Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java(TM) 6 Update 31
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUNMain.exe
``````````End of Log````````````



Regards
Wings Cyber Highlander Registered
20.3K Messages 1.2K Likes
#7 By Wings
01/03/2012 - 09:03
Hello Tmfeijo


*Download GMER and save it to the desktop

Important step:
*Temporarily disable the antivirus and close all running programs

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*If you get a warning about rootkit activity asking whether you want to run a scan, click [NO]

*If you cannot run GMER, try it in Safe Mode

*Click [Scan] and wait for it to finish
*Click [Save...] and save it to the desktop with the name gmer

*Go to this link
*Click Properties
*Next to Lifetime choose 2
*Click [Choose file...]
*Locate the report on the desktop and click [Open]
*At the bottom of the page, click [Upload File]
*Paste the link created next to Download link:
Wings Cyber Highlander Registered
20.3K Messages 1.2K Likes
#9 By Wings
01/03/2012 - 16:26
There are no signs of a rootkit.


1.
*Delete GMER and its report

2.
*Download OTL and save it to the desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

Image

*Select:

Scan All Users
Skip Microsoft Files
Use Company Name WhiteList
LOP Check
Purity Check


*Click [Run Scan]; the reports OTL.txt and Extras.txt will be created on the desktop

*Go to this link

*Click Properties and next to Lifetime choose 2
*Click [Choose file...], locate the OTL.txt report on the desktop and click [Open]
*At the bottom of the page, click [Upload File]
*Paste the link created next to Download link:
*Repeat the procedure for the Extras.txt report
Wings Cyber Highlander Registered
20.3K Messages 1.2K Likes
#11 By Wings
01/03/2012 - 21:42
1.
*Run OTL and click [CleanUp] > [OK]
*The PC will be restarted

2.
*Download Kaspersky Virus Removal Tool Version 11 and save it to the desktop

*Run it, wait for the installation, accept the license agreement and click [Start]

Image

*Click Image

*Add My Computer to the scan

Image


*Click Image

*Click [Start scanning]

*Windows will pop up during the scan.

*If it finds anything, select Apply to all objects and click [Skip]

Image

Image

*When it finishes, click Image

*Click Detected threats > [Save] and save it to the desktop as log.txt

*Paste the log.txt report saved on the desktop
TmfeijoMMonr... Cyber Highlander Registered
13.7K Messages 4.2K Likes
#12 By TmfeijoMMonr...
03/03/2012 - 12:03
Good morning!

Things got more complicated here; when I turn on the PC, it now shows a message like this:

Missing operating system


This happened after I cleaned the C: drive with CCleaner, even though the Windows 7 Enterprise operating system is installed on D:.

I will have to buy a Windows 7 CD (I have already ordered a Home Basic; it arrives on Monday) and reinstall/repair the system.

However, how do I locate the system on the disk through the BIOS?

I am at an internet café.


Regards
© 1999-2024 Hardware.com.br. All rights reserved.