Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 11 usuários online :: 0 registrados, 0 invisíveis e 11 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Log do combofix como saber se tenho virus ?
3 participantes
Página 1 de 1
Log do combofix como saber se tenho virus ?
por Carlinhos Dom 22 Ago 2010, 16:52
Esse é meu log : ComboFix 10-08-20.01 - Alison 21/08/2010 15:57:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.893.566 [GMT -3]
Executando de: c:\documents and settings\Alison\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-21 to 2010-08-21 ))))))))))))))))))))))))))))
.
2010-08-21 18:03 . 2010-08-21 18:03 -------- d-sh--w- c:\documents and settings\Alison_2\IECompatCache
2010-08-21 18:03 . 2010-08-21 18:03 -------- d-sh--w- c:\documents and settings\Alison_2\PrivacIE
2010-08-21 14:45 . 2010-08-21 14:45 3584 ----a-r- c:\documents and settings\Alison\Dados de aplicativos\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe
2010-08-21 14:45 . 2010-08-21 14:45 -------- d-----w- c:\arquivos de programas\Windows Installer Clean Up
2010-08-17 17:45 . 2010-08-17 17:45 -------- d-----w- c:\arquivos de programas\ongame
2010-08-12 19:07 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-12 19:07 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-07 21:31 . 2010-08-17 20:42 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP
2010-08-07 21:31 . 2010-08-17 21:31 -------- d-----w- c:\arquivos de programas\Fraps 2.9.4
2010-08-06 20:54 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-06 20:54 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-06 20:43 . 2010-08-06 20:43 65536 ----a-w- c:\windows\UnInstallX.exe
2010-08-04 19:20 . 2010-08-04 19:20 6144 ----a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe
2010-08-04 19:20 . 2010-08-04 19:20 5632 ----a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys
2010-08-04 19:20 . 2010-08-04 19:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-04 19:20 . 2010-08-20 23:30 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\Spyware Terminator
2010-08-04 19:19 . 2010-08-20 21:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator
2010-08-04 19:19 . 2010-08-21 14:48 -------- d-----w- c:\arquivos de programas\Spyware Terminator
2010-08-04 18:42 . 2010-08-04 18:42 -------- d-----w- c:\arquivos de programas\Ergonomics
2010-08-04 18:42 . 2010-08-04 18:52 -------- d--h--w- c:\arquivos de programas\Zero G Registry
2010-08-03 22:50 . 2010-08-03 22:50 503808 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-708c4d92-n\msvcp71.dll
2010-08-03 22:50 . 2010-08-03 22:50 61440 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39a0ea87-n\decora-sse.dll
2010-08-03 22:50 . 2010-08-03 22:50 499712 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-708c4d92-n\jmc.dll
2010-08-03 22:50 . 2010-08-03 22:50 348160 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-708c4d92-n\msvcr71.dll
2010-08-03 22:50 . 2010-08-03 22:50 12800 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39a0ea87-n\decora-d3d.dll
2010-08-01 19:36 . 2010-08-01 19:36 72136 ----a-w- c:\windows\system32\XDva352.sys
2010-07-30 18:58 . 2010-07-30 18:58 -------- d-sh--w- c:\documents and settings\NetworkService.AUTORIDADE NT\IETldCache
2010-07-25 15:37 . 2010-08-08 00:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy
2010-07-24 23:05 . 2010-08-14 15:11 -------- d-----w- c:\arquivos de programas\Google
2010-07-23 20:35 . 2010-07-27 16:46 440832 ----a-w- c:\windows\system32\P.Cheat$Injector.exe
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 22:04 . 2010-06-11 21:50 -------- d-----w- c:\arquivos de programas\Puxa Rápido
2010-08-08 00:33 . 2010-06-20 20:19 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\Media Player Classic
2010-08-07 23:47 . 2010-06-12 01:32 -------- d-----w- c:\arquivos de programas\Softnyx
2010-08-02 23:39 . 2008-08-01 23:31 49044 ----a-w- c:\windows\system32\perfc016.dat
2010-08-02 23:39 . 2008-08-01 23:31 344972 ----a-w- c:\windows\system32\perfh016.dat
2010-07-18 19:49 . 2010-07-18 19:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-07-17 19:50 . 2010-07-17 19:50 11008 ----a-w- c:\windows\system32\drivers\ActUsb.sys
2010-07-15 19:22 . 2010-06-11 22:02 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:22 . 2010-07-15 19:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:22 . 2010-06-11 22:02 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-10 19:07 . 2010-07-10 19:07 503808 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a494a89-n\msvcp71.dll
2010-07-10 19:07 . 2010-07-10 19:07 499712 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a494a89-n\jmc.dll
2010-07-10 19:07 . 2010-07-10 19:07 348160 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a494a89-n\msvcr71.dll
2010-07-10 19:07 . 2010-07-10 19:07 61440 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2bf856fe-n\decora-sse.dll
2010-07-10 19:07 . 2010-07-10 19:07 12800 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2bf856fe-n\decora-d3d.dll
2010-07-10 19:07 . 2010-07-10 19:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-07-10 19:06 . 2010-07-10 19:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 19:06 . 2010-07-10 19:06 -------- d-----w- c:\arquivos de programas\Java
2010-07-09 16:08 . 2010-07-01 01:56 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\gtk-2.0
2010-07-04 19:20 . 2010-07-04 19:20 0 ----a-w- c:\windows\nsreg.dat
2010-07-01 23:36 . 2010-07-01 22:58 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\Corel
2010-07-01 23:35 . 2010-07-01 22:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Corel
2010-07-01 23:27 . 2010-07-01 22:59 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\KGyGaAvL.sys
2010-07-01 23:27 . 2010-07-01 22:59 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\KGyGaAvL.sys
2010-07-01 23:26 . 2010-07-01 22:59 88 --sh--r- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\DE525090CA.sys
2010-07-01 23:26 . 2010-07-01 22:59 88 --sh--r- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\DE525090CA.sys
2010-06-30 15:36 . 2010-06-13 01:24 -------- d-----w- c:\arquivos de programas\MSECache
2010-06-30 12:32 . 2008-08-01 23:31 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 21:50 . 2010-06-20 19:31 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2010-06-29 21:45 . 2010-06-29 21:45 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\Uniblue
2010-06-29 21:36 . 2010-06-29 21:36 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\IObit
2010-06-29 21:36 . 2010-06-29 21:36 -------- d-----w- c:\arquivos de programas\IObit
2010-06-27 02:00 . 2010-06-27 02:00 -------- d-----w- c:\arquivos de programas\Lavalys
2010-06-25 00:26 . 2010-06-25 00:25 -------- d-----w- c:\arquivos de programas\Essentials Codec Pack
2010-06-24 12:24 . 2008-08-01 23:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-08-01 23:32 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-08-01 23:32 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-08-01 23:30 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-06-11 21:04 744448 --sha-r- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2008-08-01 23:31 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 22:27 . 2010-06-11 21:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-12 16:46 . 2010-06-11 22:02 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-12 11:17 . 2010-06-12 11:17 315392 ----a-w- c:\windows\HideWin.exe
2010-06-11 21:35 . 2010-06-11 21:35 2232 ----a-w- c:\windows\java\Packages\Data\JBJB9FBF.DAT
2010-06-11 21:35 . 2010-06-11 21:35 155995 ----a-w- c:\windows\java\Packages\5Z5FTBTZ.ZIP
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\2CI7J175.DAT
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\KG3HJN3Z.DAT
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\JRVV39ZL.DAT
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\EZZDBV5Z.DAT
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\DBPRDRHB.DAT
2010-06-11 21:03 . 2010-06-11 21:03 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-01 17:37 . 2010-06-27 17:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 07:18 . 2010-06-22 23:37 2131336 ----a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe
2008-08-01 23:30 . 2010-06-11 21:04 21504 --sha-r- c:\windows\pchealth\helpctr\binaries\brpinfo.dll
2008-08-01 23:30 . 2010-06-11 21:04 7168 --sha-r- c:\windows\pchealth\helpctr\binaries\HCAppRes.dll
2008-04-14 02:21 . 2010-06-11 21:04 769024 --sha-r- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2008-08-01 23:30 . 2010-06-11 21:04 99840 --sha-r- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2008-04-14 02:21 . 2010-06-11 21:04 18432 --sha-r- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2008-04-14 02:21 . 2010-06-11 21:04 171520 --sha-r- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 02:20 . 2010-06-11 21:04 381440 --sha-r- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-08-01 23:31 . 2010-06-11 21:04 35328 --sha-r- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2008-04-14 02:20 . 2010-06-11 21:04 102912 --sha-r- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 02:20 . 2010-06-11 21:04 38400 --sha-r- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 02:21 . 2008-08-01 23:31 1415168 --sha-r- c:\windows\system32\mmc.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2010-6-11 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Assistente Tecnico Speedy.lnk
backup=c:\windows\pss\Assistente Tecnico Speedy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3telefonica.BlockedAlerts]
2006-03-15 00:45 139264 ----a-w- c:\arquivos de programas\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Puxa Rápido\\PuxaRapido.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Softnyx\\GunBoundS2\\GunBound.gme"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\NyxTeam\\NyxGame\\NyxGame.gme"=
"c:\\Arquivos de programas\\Softnyx 2\\GunBound.exe"=
"c:\\Arquivos de programas\\Softnyx 2\\GunBound.gme"=
"c:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\ongame\\Pointblank\\PointBlank.exe"=
"c:\\Arquivos de programas\\ongame\\Pointblank\\PointBlank.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
R0 ActUsb;ActUsb;c:\windows\system32\drivers\ActUsb.sys [17/7/2010 16:50 11008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/6/2010 19:02 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/6/2010 19:02 243024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4/8/2010 16:20 142592]
R2 avg9emc;AVG Free E-mail Scanner;c:\arquivos de programas\AVG\AVG9\avgemc.exe [15/7/2010 16:22 921952]
R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [15/7/2010 16:22 308136]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva352;XDva352;c:\windows\system32\XDva352.sys [1/8/2010 16:36 72136]
S3 XDva356;XDva356;\??\c:\windows\system32\XDva356.sys --> c:\windows\system32\XDva356.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-08-16 c:\windows\Tasks\SmartDefrag.job
- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-08-15 21:08]
2010-08-21 c:\windows\Tasks\Windows Codec Update Service.job
- c:\arquivos de programas\Essentials Codec Pack\WECPUpdate.exe [2010-05-30 13:17]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Download All using 4shared Desktop - c:\arquivos de programas\4shared Desktop\down_all.htm
TCP: {21226CC8-4969-4FFF-91E7-A7188C0C26A6} = 208.67.220.220,208.67.222.222
TCP: {E8C6DB8D-C5B6-4D34-97F0-B278C278C8FB} = 200.204.0.10 200.204.0.138
DPF: Microsoft XML Parser for Java - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
.
- - - - ORFÃOS REMOVIDOS - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ares - c:\arquivos de programas\Ares\Ares.exe
MSConfigStartUp-SpeedBitVideoAccelerator - c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
AddRemove-PointBlank - c:\ongame\Pointblank\PBUnInst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rootkit scan 2010-08-21 16:02
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
"ImagePath"="system32\DRIVERS\ACPIEC.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ActUsb]
"ImagePath"="system32\drivers\ActUsb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVG]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg9emc]
"ImagePath"=""c:\arquivos de programas\AVG\AVG9\avgemc.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg9wd]
"ImagePath"=""c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgLdx86]
"ImagePath"="System32\Drivers\avgldx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgMfx86]
"ImagePath"="System32\Drivers\avgmfx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgTdiX]
"ImagePath"="System32\Drivers\avgtdix.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="c:\windows\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\Alison\CONFIG~1\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\getPlusHelper]
"ServiceDll"="c:\arquivos de programas\NOS\bin\getPlus_Helper.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "c:\arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MODEMCSA]
"ImagePath"="system32\drivers\MODEMCSA.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpFilter]
"ImagePath"="system32\DRIVERS\MpFilter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRENDIS5]
"ImagePath"="\??\c:\arquiv~1\COMMON~1\Motive\MRENDIS5.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="c:\windows\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsMpSvc]
"ImagePath"=""c:\arquivos de programas\Microsoft Security Essentials\MsMpEng.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NPPTNT2]
"ImagePath"="\??\c:\windows\system32\npptNT2.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiS315]
"ImagePath"="system32\DRIVERS\sisgrp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSGbeXP]
"ImagePath"="system32\DRIVERS\SiSGbeXP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSkp]
"ImagePath"="system32\DRIVERS\srvkp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smserial]
"ImagePath"="system32\DRIVERS\smserial.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sp_rsdrv2]
"ImagePath"="\??\c:\windows\system32\drivers\sp_rsdrv2.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sp_rssrv]
"ImagePath"=""c:\arquivos de programas\Spyware Terminator\sp_rsser.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{EDD09FFE-B860-48E1-8C0F-C8C9CC8687B5}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uagp35]
"ImagePath"="system32\DRIVERS\uagp35.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VXD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\arquivos de programas\Windows Media Player\WMPNetwk.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XDva352]
"ImagePath"="\??\c:\windows\system32\XDva352.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XDva356]
"ImagePath"="\??\c:\windows\system32\XDva356.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XDva359]
"ImagePath"="\??\c:\windows\system32\XDva359.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XDva361]
"ImagePath"="\??\c:\windows\system32\XDva361.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{21226CC8-4969-4FFF-91E7-A7188C0C26A6}]
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\WININET.dll
c:\arquiv~1\ASSIST~1\SMARTB~1\SBHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-08-21 16:04:32
ComboFix-quarantined-files.txt 2010-08-21 19:04
Pré-execução: 6 pasta(s) 55.115.718.656 bytes disponíveis
Pós execução: 8 pasta(s) 55.099.158.528 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - C5E25653A10C2A643A7A46AFF009F05D
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.893.566 [GMT -3]
Executando de: c:\documents and settings\Alison\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-21 to 2010-08-21 ))))))))))))))))))))))))))))
.
2010-08-21 18:03 . 2010-08-21 18:03 -------- d-sh--w- c:\documents and settings\Alison_2\IECompatCache
2010-08-21 18:03 . 2010-08-21 18:03 -------- d-sh--w- c:\documents and settings\Alison_2\PrivacIE
2010-08-21 14:45 . 2010-08-21 14:45 3584 ----a-r- c:\documents and settings\Alison\Dados de aplicativos\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe
2010-08-21 14:45 . 2010-08-21 14:45 -------- d-----w- c:\arquivos de programas\Windows Installer Clean Up
2010-08-17 17:45 . 2010-08-17 17:45 -------- d-----w- c:\arquivos de programas\ongame
2010-08-12 19:07 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-12 19:07 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-07 21:31 . 2010-08-17 20:42 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP
2010-08-07 21:31 . 2010-08-17 21:31 -------- d-----w- c:\arquivos de programas\Fraps 2.9.4
2010-08-06 20:54 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-06 20:54 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-06 20:43 . 2010-08-06 20:43 65536 ----a-w- c:\windows\UnInstallX.exe
2010-08-04 19:20 . 2010-08-04 19:20 6144 ----a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator\sp_rsdel.exe
2010-08-04 19:20 . 2010-08-04 19:20 5632 ----a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator\fileobjinfo.sys
2010-08-04 19:20 . 2010-08-04 19:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-04 19:20 . 2010-08-20 23:30 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\Spyware Terminator
2010-08-04 19:19 . 2010-08-20 21:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spyware Terminator
2010-08-04 19:19 . 2010-08-21 14:48 -------- d-----w- c:\arquivos de programas\Spyware Terminator
2010-08-04 18:42 . 2010-08-04 18:42 -------- d-----w- c:\arquivos de programas\Ergonomics
2010-08-04 18:42 . 2010-08-04 18:52 -------- d--h--w- c:\arquivos de programas\Zero G Registry
2010-08-03 22:50 . 2010-08-03 22:50 503808 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-708c4d92-n\msvcp71.dll
2010-08-03 22:50 . 2010-08-03 22:50 61440 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39a0ea87-n\decora-sse.dll
2010-08-03 22:50 . 2010-08-03 22:50 499712 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-708c4d92-n\jmc.dll
2010-08-03 22:50 . 2010-08-03 22:50 348160 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-708c4d92-n\msvcr71.dll
2010-08-03 22:50 . 2010-08-03 22:50 12800 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39a0ea87-n\decora-d3d.dll
2010-08-01 19:36 . 2010-08-01 19:36 72136 ----a-w- c:\windows\system32\XDva352.sys
2010-07-30 18:58 . 2010-07-30 18:58 -------- d-sh--w- c:\documents and settings\NetworkService.AUTORIDADE NT\IETldCache
2010-07-25 15:37 . 2010-08-08 00:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy
2010-07-24 23:05 . 2010-08-14 15:11 -------- d-----w- c:\arquivos de programas\Google
2010-07-23 20:35 . 2010-07-27 16:46 440832 ----a-w- c:\windows\system32\P.Cheat$Injector.exe
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 22:04 . 2010-06-11 21:50 -------- d-----w- c:\arquivos de programas\Puxa Rápido
2010-08-08 00:33 . 2010-06-20 20:19 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\Media Player Classic
2010-08-07 23:47 . 2010-06-12 01:32 -------- d-----w- c:\arquivos de programas\Softnyx
2010-08-02 23:39 . 2008-08-01 23:31 49044 ----a-w- c:\windows\system32\perfc016.dat
2010-08-02 23:39 . 2008-08-01 23:31 344972 ----a-w- c:\windows\system32\perfh016.dat
2010-07-18 19:49 . 2010-07-18 19:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-07-17 19:50 . 2010-07-17 19:50 11008 ----a-w- c:\windows\system32\drivers\ActUsb.sys
2010-07-15 19:22 . 2010-06-11 22:02 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 19:22 . 2010-07-15 19:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 19:22 . 2010-06-11 22:02 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-10 19:07 . 2010-07-10 19:07 503808 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a494a89-n\msvcp71.dll
2010-07-10 19:07 . 2010-07-10 19:07 499712 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a494a89-n\jmc.dll
2010-07-10 19:07 . 2010-07-10 19:07 348160 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a494a89-n\msvcr71.dll
2010-07-10 19:07 . 2010-07-10 19:07 61440 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2bf856fe-n\decora-sse.dll
2010-07-10 19:07 . 2010-07-10 19:07 12800 ----a-w- c:\documents and settings\Alison\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2bf856fe-n\decora-d3d.dll
2010-07-10 19:07 . 2010-07-10 19:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-07-10 19:06 . 2010-07-10 19:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-10 19:06 . 2010-07-10 19:06 -------- d-----w- c:\arquivos de programas\Java
2010-07-09 16:08 . 2010-07-01 01:56 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\gtk-2.0
2010-07-04 19:20 . 2010-07-04 19:20 0 ----a-w- c:\windows\nsreg.dat
2010-07-01 23:36 . 2010-07-01 22:58 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\Corel
2010-07-01 23:35 . 2010-07-01 22:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Corel
2010-07-01 23:27 . 2010-07-01 22:59 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\KGyGaAvL.sys
2010-07-01 23:27 . 2010-07-01 22:59 2516 --sha-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\KGyGaAvL.sys
2010-07-01 23:26 . 2010-07-01 22:59 88 --sh--r- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\DE525090CA.sys
2010-07-01 23:26 . 2010-07-01 22:59 88 --sh--r- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\DE525090CA.sys
2010-06-30 15:36 . 2010-06-13 01:24 -------- d-----w- c:\arquivos de programas\MSECache
2010-06-30 12:32 . 2008-08-01 23:31 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 21:50 . 2010-06-20 19:31 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2010-06-29 21:45 . 2010-06-29 21:45 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\Uniblue
2010-06-29 21:36 . 2010-06-29 21:36 -------- d-----w- c:\documents and settings\Alison\Dados de aplicativos\IObit
2010-06-29 21:36 . 2010-06-29 21:36 -------- d-----w- c:\arquivos de programas\IObit
2010-06-27 02:00 . 2010-06-27 02:00 -------- d-----w- c:\arquivos de programas\Lavalys
2010-06-25 00:26 . 2010-06-25 00:25 -------- d-----w- c:\arquivos de programas\Essentials Codec Pack
2010-06-24 12:24 . 2008-08-01 23:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-08-01 23:32 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-08-01 23:32 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-08-01 23:30 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-06-11 21:04 744448 --sha-r- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2008-08-01 23:31 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 22:27 . 2010-06-11 21:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-12 16:46 . 2010-06-11 22:02 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-12 11:17 . 2010-06-12 11:17 315392 ----a-w- c:\windows\HideWin.exe
2010-06-11 21:35 . 2010-06-11 21:35 2232 ----a-w- c:\windows\java\Packages\Data\JBJB9FBF.DAT
2010-06-11 21:35 . 2010-06-11 21:35 155995 ----a-w- c:\windows\java\Packages\5Z5FTBTZ.ZIP
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\2CI7J175.DAT
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\KG3HJN3Z.DAT
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\JRVV39ZL.DAT
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\EZZDBV5Z.DAT
2010-06-11 21:35 . 2010-06-11 21:35 2678 ----a-w- c:\windows\java\Packages\Data\DBPRDRHB.DAT
2010-06-11 21:03 . 2010-06-11 21:03 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-01 17:37 . 2010-06-27 17:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 07:18 . 2010-06-22 23:37 2131336 ----a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe
2008-08-01 23:30 . 2010-06-11 21:04 21504 --sha-r- c:\windows\pchealth\helpctr\binaries\brpinfo.dll
2008-08-01 23:30 . 2010-06-11 21:04 7168 --sha-r- c:\windows\pchealth\helpctr\binaries\HCAppRes.dll
2008-04-14 02:21 . 2010-06-11 21:04 769024 --sha-r- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2008-08-01 23:30 . 2010-06-11 21:04 99840 --sha-r- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2008-04-14 02:21 . 2010-06-11 21:04 18432 --sha-r- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2008-04-14 02:21 . 2010-06-11 21:04 171520 --sha-r- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2008-04-14 02:20 . 2010-06-11 21:04 381440 --sha-r- c:\windows\pchealth\helpctr\binaries\msinfo.dll
2008-08-01 23:31 . 2010-06-11 21:04 35328 --sha-r- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2008-04-14 02:20 . 2010-06-11 21:04 102912 --sha-r- c:\windows\pchealth\helpctr\binaries\pchshell.dll
2008-04-14 02:20 . 2010-06-11 21:04 38400 --sha-r- c:\windows\pchealth\helpctr\binaries\pchsvc.dll
2008-04-14 02:21 . 2008-08-01 23:31 1415168 --sha-r- c:\windows\system32\mmc.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2010-6-11 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 19:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Assistente Tecnico Speedy.lnk
backup=c:\windows\pss\Assistente Tecnico Speedy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3telefonica.BlockedAlerts]
2006-03-15 00:45 139264 ----a-w- c:\arquivos de programas\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Puxa Rápido\\PuxaRapido.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Softnyx\\GunBoundS2\\GunBound.gme"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\NyxTeam\\NyxGame\\NyxGame.gme"=
"c:\\Arquivos de programas\\Softnyx 2\\GunBound.exe"=
"c:\\Arquivos de programas\\Softnyx 2\\GunBound.gme"=
"c:\\Arquivos de programas\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\ongame\\Pointblank\\PointBlank.exe"=
"c:\\Arquivos de programas\\ongame\\Pointblank\\PointBlank.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
R0 ActUsb;ActUsb;c:\windows\system32\drivers\ActUsb.sys [17/7/2010 16:50 11008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/6/2010 19:02 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/6/2010 19:02 243024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4/8/2010 16:20 142592]
R2 avg9emc;AVG Free E-mail Scanner;c:\arquivos de programas\AVG\AVG9\avgemc.exe [15/7/2010 16:22 921952]
R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [15/7/2010 16:22 308136]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva352;XDva352;c:\windows\system32\XDva352.sys [1/8/2010 16:36 72136]
S3 XDva356;XDva356;\??\c:\windows\system32\XDva356.sys --> c:\windows\system32\XDva356.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-08-16 c:\windows\Tasks\SmartDefrag.job
- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-08-15 21:08]
2010-08-21 c:\windows\Tasks\Windows Codec Update Service.job
- c:\arquivos de programas\Essentials Codec Pack\WECPUpdate.exe [2010-05-30 13:17]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Download All using 4shared Desktop - c:\arquivos de programas\4shared Desktop\down_all.htm
TCP: {21226CC8-4969-4FFF-91E7-A7188C0C26A6} = 208.67.220.220,208.67.222.222
TCP: {E8C6DB8D-C5B6-4D34-97F0-B278C278C8FB} = 200.204.0.10 200.204.0.138
DPF: Microsoft XML Parser for Java - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
.
- - - - ORFÃOS REMOVIDOS - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ares - c:\arquivos de programas\Ares\Ares.exe
MSConfigStartUp-SpeedBitVideoAccelerator - c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
AddRemove-PointBlank - c:\ongame\Pointblank\PBUnInst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Rootkit scan 2010-08-21 16:02
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
"ImagePath"="system32\DRIVERS\ACPIEC.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ActUsb]
"ImagePath"="system32\drivers\ActUsb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVG]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg9emc]
"ImagePath"=""c:\arquivos de programas\AVG\AVG9\avgemc.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg9wd]
"ImagePath"=""c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgLdx86]
"ImagePath"="System32\Drivers\avgldx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgMfx86]
"ImagePath"="System32\Drivers\avgmfx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgTdiX]
"ImagePath"="System32\Drivers\avgtdix.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="c:\windows\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\Alison\CONFIG~1\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\getPlusHelper]
"ServiceDll"="c:\arquivos de programas\NOS\bin\getPlus_Helper.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "c:\arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MODEMCSA]
"ImagePath"="system32\drivers\MODEMCSA.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpFilter]
"ImagePath"="system32\DRIVERS\MpFilter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRENDIS5]
"ImagePath"="\??\c:\arquiv~1\COMMON~1\Motive\MRENDIS5.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="c:\windows\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsMpSvc]
"ImagePath"=""c:\arquivos de programas\Microsoft Security Essentials\MsMpEng.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NPPTNT2]
"ImagePath"="\??\c:\windows\system32\npptNT2.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiS315]
"ImagePath"="system32\DRIVERS\sisgrp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSGbeXP]
"ImagePath"="system32\DRIVERS\SiSGbeXP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSkp]
"ImagePath"="system32\DRIVERS\srvkp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smserial]
"ImagePath"="system32\DRIVERS\smserial.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sp_rsdrv2]
"ImagePath"="\??\c:\windows\system32\drivers\sp_rsdrv2.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sp_rssrv]
"ImagePath"=""c:\arquivos de programas\Spyware Terminator\sp_rsser.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{EDD09FFE-B860-48E1-8C0F-C8C9CC8687B5}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uagp35]
"ImagePath"="system32\DRIVERS\uagp35.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VXD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\arquivos de programas\Windows Media Player\WMPNetwk.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XDva352]
"ImagePath"="\??\c:\windows\system32\XDva352.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XDva356]
"ImagePath"="\??\c:\windows\system32\XDva356.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XDva359]
"ImagePath"="\??\c:\windows\system32\XDva359.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XDva361]
"ImagePath"="\??\c:\windows\system32\XDva361.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{21226CC8-4969-4FFF-91E7-A7188C0C26A6}]
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\WININET.dll
c:\arquiv~1\ASSIST~1\SMARTB~1\SBHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-08-21 16:04:32
ComboFix-quarantined-files.txt 2010-08-21 19:04
Pré-execução: 6 pasta(s) 55.115.718.656 bytes disponíveis
Pós execução: 8 pasta(s) 55.099.158.528 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - C5E25653A10C2A643A7A46AFF009F05D
Carlinhos- Iniciante
- Mensagens : 1
Reputação : 0
Data de inscrição : 22/08/2010
Re: Log do combofix como saber se tenho virus ?
por Amigo Brasileiro Ter 24 Ago 2010, 11:50
Olá Carlinhos! Seja bem-vindo ao Fórum PC Brasil.
Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
___________________________
Crie uma pasta própria (como por exemplo C:\Arquivos de Programas\HijackThis).Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e no momento de salvá-lo escolha a opção de salvá-lo nesta pasta que você acabou de criar e descompacte o hijackthis.zip dentro dela.
Dê um duplo clique no instalador do Hijackthis > clique na opção I Accept.
Clique no botão: Do a system scan and save a logfile. Depois será aberta uma tela com o log, então é só selecionar este Log (Clique no menu: Editar » Selecionar Tudo), depois disso volte novamente no menu: Editar » e clique na opção: Copiar).
Depois disso é só voltar aqui no fórum e postar este log do Hijackthis juntamente com o log do Malwarebytes para que eles possam ser analisados.
Ficamos no aguardo de sua resposta.
Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis e nos diga como está o seu PC após este procedimento.
Ficamos no aguardo.
Amigo Brasileiro- Membro Pleno
- Mensagens : 882
Reputação : 11
Data de inscrição : 16/12/2008
Re: Log do combofix como saber se tenho virus ?
por Admin Sex 15 Out 2010, 13:01
Tópico arquivado.
Como o autor não respondeu ao tópico por mais de 20 dias, o mesmo foi arquivado.
Caso você seja o autor do tópico e quer que o mesmo seja reaberto, envie uma mensagem privada para um membro da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] com um link para este tópico e justifique porque você precisa dele reaberto.
Como o autor não respondeu ao tópico por mais de 20 dias, o mesmo foi arquivado.
Caso você seja o autor do tópico e quer que o mesmo seja reaberto, envie uma mensagem privada para um membro da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] com um link para este tópico e justifique porque você precisa dele reaberto.
Admin- Administrador Fundador
- Mensagens : 515
Reputação : 49
Data de inscrição : 26/05/2008
Idade : 46
Localização : Brasil -
Tópicos semelhantes» Verificar Log Combofix
» Vírus, muitos vírus - SOCORRO!!
» Log do Combofix e aplicação das medidas cabíveis.
» Analize do AdwCleaner por favor me ajudem a retirar o lixo do Adsby Supra Saving
» Vírus Win32:RmnDrp Estragando tudo!!!
» Vírus, muitos vírus - SOCORRO!!
» Log do Combofix e aplicação das medidas cabíveis.
» Analize do AdwCleaner por favor me ajudem a retirar o lixo do Adsby Supra Saving
» Vírus Win32:RmnDrp Estragando tudo!!!
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|