This topic has been archived and is closed to new replies.

nikols

[Archived] spyware, I don't know what to do


I have already tried Ad-Aware, Spybot and Microsoft AntiSpyware, but nothing worked. I downloaded Hijack, but I don't really know what to do with it. Here is the Hijack log:

 

Logfile of HijackThis v1.97.7
Scan saved at 10:12:04, on 20/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\ACDSee32\ACDSee32.exe
C:\Arquivos de programas\Corel\Corel Graphics 12\Programs\CorelDRW.exe
C:\Documents and Settings\Nikolas\util\anti spyware hijack this\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Hi nikols,

Logfile of HijackThis v1.97.7
-> Very old version.

Do the following:

Download HijackThis version 1.99.1.

Then > Start > My Computer > double-click C > put HijackThis on C (extracting it from the zip into a folder of its own, such as c:/Hijack).

Run Hijack from C, closing all other programs (leaving only the desktop).

Click Do a system scan and save a logfile, but do not check anything; just post the generated log here in this same topic.

Important: generate the Hijack log in Normal Mode (not in Safe Mode), ok.

Cheers.


Here is the logfile from the updated version:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:18, on 20/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\hijack\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ir84l5lq1.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thank you very much for now, cheers


Dear nikols,

Let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox from:
Killbox

Download it, but do not run it yet.

Download Ewido from:
Ewido

Download and update it, but do not run it yet.

Step 2

Run KillBox:
1) Select Delete on reboot;
2) Full path of file to delete;
3) Enter:
C:\WINDOWS\system32\ir84l5lq1.dll - Press X. Answer "yes" to the first question and "no" to the second.

It is prudent to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet will not be possible.

Step 3

Restart the computer in Safe Mode (press the F8 key until a black DOS-style screen appears and choose Safe Mode).

Run HijackThis, click Do a system scan only and check:
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ir84l5lq1.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\
Click Fix Checked.

Step 4

Still in Safe Mode, do the following:

1) Run a full scan with Ewido.

Step 5

Restart in normal mode.

Post the new log.

I await your reply.

Cheers.


Hello, here is the log after all the operations; however, several windows still keep opening... what do I do?

Logfile of HijackThis v1.99.1
Scan saved at 18:28:37, on 20/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
C:\Arquivos de programas\ewido\security suite\ewidoguard.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\hijack\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\l6l6lg3s16.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Awaiting your reply, cheers...

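Added example, not part of the original thread: a Python script that diffs the numbered entries of two HijackThis logs, so that a scan taken after a cleanup can be compared with the one taken before it. The sample logs are excerpts of the two v1.99.1 logs posted in this thread; the function names are this example's own.

```python
import re

# Excerpts of the two HijackThis v1.99.1 logs posted in this thread
# (scan of 11:35:18 before the cleanup, scan of 18:28:37 after it).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:35:18, on 20/10/2005
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ir84l5lq1.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:28:37, on 20/10/2005
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\l6l6lg3s16.dll
O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# A numbered entry is "<section code> - <detail>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.*)$")


def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (added, removed): entries only in the later / only in the earlier log."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(new - old), sorted(old - new)


def winlogon_notify(log_text):
    """Map each O20 Winlogon Notify key name to the DLL path registered under it."""
    notify = {}
    for section, detail in parse_entries(log_text):
        match = NOTIFY_RE.match(detail) if section == "O20" else None
        if match:
            notify[match.group(1)] = match.group(2)
    return notify


def review_list(before, after, sections=("O4", "O20", "O23")):
    """Autostart entries (Run keys, Winlogon Notify, services) present only in
    the later log. Each one needs an explanation: software installed in
    between, or something that registered itself again under another name."""
    added, _ = diff_logs(before, after)
    return [entry for entry in added if entry[0] in sections]


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print("gone:", section, "-", detail)
    for section, detail in review_list(LOG_BEFORE, LOG_AFTER):
        print("new :", section, "-", detail)
```

On these excerpts the review list holds the two ewido services installed during the cleanup and one Winlogon Notify entry that the earlier log did not have.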

Hello nikols,

There are no entries considered abnormal in your new log.

As the "acid test", run Panda's Active Scan.

Then post the result here.

Cheers.


Dear garcia, I could not use the Panda scan; it gives a message that "the page cannot be refreshed without resending the information". I click retry, but it always goes back to the previous page, and so on... When I run ewido security suite, it always catches some viruses and says that it eliminates them. Here is the ewido report:

---------------------------------------------------------
 ewido security suite - Relatório de verificação
---------------------------------------------------------

 + Criado em: 09:31:11, 21/10/2005
 + Relatório-Checksum: E80E311F

 + Resultado da verificação:

 [500] C:\WINDOWS\system32\dDdim.dll -> Spyware.Look2Me : Erro durante a limpeza
 [2080] C:\WINDOWS\system32\dDdim.dll -> Spyware.Look2Me : Erro durante a limpeza
 C:\Documents and Settings\Administrator\Configurações locais\Temp\Cookies\administrator@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
 C:\Documents and Settings\Administrator\Configurações locais\Temp\Cookies\administrator@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Limpo com backup
 C:\Documents and Settings\Administrator\Configurações locais\Temp\Cookies\administrator@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Limpo com backup
 C:\WINDOWS\system32\__delete_on_reboot__kt6sl7j71.dll -> Spyware.Look2Me : Limpo com backup
 C:\WINDOWS\Temp\Cookies\administrator@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
 C:\WINDOWS\Temp\Cookies\administrator@paypopup[1].txt -> Spyware.Cookie.Paypopup : Limpo com backup

::Fim do Relatório

And now what do I do? Cheers.


I don't know if it helps, but I'll post the Ad-Aware log too.

 

 

Ad-Aware SE Build 1.06r1
Logfile Created on:sexta-feira, 21 de outubro de 2005 10:19:19
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R71 19.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):10 total references
MRU List(TAC index:0):17 total references
Surfaccuracy(TAC index:5):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 


LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.

OriginalFilename : gcasDtServ.exe

 

#:31 [msnmsgr.exe]

FilePath : C:\Arquivos de programas\MSN Messenger\

ProcessID : 2632

ThreadCreationTime : 21-10-2005 10:18:43

BasePriority : Normal

FileVersion : 7.5.0306

ProductVersion : 7.5.0306

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright © Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe

 

#:32 [hpqtra08.exe]

FilePath : C:\Arquivos de programas\HP\Digital Imaging\bin\

ProcessID : 2732

ThreadCreationTime : 21-10-2005 10:18:45

BasePriority : Normal

FileVersion : 43.1.5.000

ProductVersion : 043.001.005.000

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : HP Digital Imaging Monitor (CUE)

InternalName : HPQTRA00

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004

OriginalFilename : HPQTRA00.EXE

Comments : HP Digital Imaging Monitor (CUE)

 

#:33 [hpqgalry.exe]

FilePath : C:\Arquivos de programas\HP\Digital Imaging\bin\

ProcessID : 2940

ThreadCreationTime : 21-10-2005 10:18:49

BasePriority : Normal

 

 

#:34 [coreldrw.exe]

FilePath : C:\Arquivos de programas\Corel\Corel Graphics 12\Programs\

ProcessID : 3544

ThreadCreationTime : 21-10-2005 10:20:56

BasePriority : Normal

FileVersion : 12.0.0.458

ProductVersion : 12.0.0.458

ProductName : Corel Graphics Applications

CompanyName : Corel Corporation

FileDescription : CorelDRAW®

InternalName : CorelDrw

LegalCopyright : Copyright© 2003 Corel Corporation

LegalTrademarks : Corel, CorelDRAW, Corel DESIGNER, Corel R.A.V.E., Corel PHOTO-PAINT, CorelTRACE and Corel CAPTURE are trademarks or registered trademarks of Corel Corporation and/or its subsidiaries in Canada, the U.S. and/or other countries.

OriginalFilename : CorelDrw.exe

 

#:35 [winamp.exe]

FilePath : C:\Arquivos de programas\Winamp\

ProcessID : 2700

ThreadCreationTime : 21-10-2005 11:00:10

BasePriority : Normal

FileVersion : 2.77

ProductVersion : 2.77

ProductName : Winamp

CompanyName : Nullsoft

FileDescription : Winamp

InternalName : WINAMP

LegalCopyright : Copyright © 1997-2001, Nullsoft, Inc.

LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.

OriginalFilename : Winamp.exe

Comments : Visit http://www.winamp.com/ for updates.

 

#:36 [iexplore.exe]

FilePath : C:\Arquivos de programas\Internet Explorer\

ProcessID : 2868

ThreadCreationTime : 21-10-2005 11:17:37

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:37 [iexplore.exe]

FilePath : C:\Arquivos de programas\Internet Explorer\

ProcessID : 2756

ThreadCreationTime : 21-10-2005 11:18:55

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:38 [iexplore.exe]

FilePath : C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\

ProcessID : 3844

ThreadCreationTime : 21-10-2005 11:51:53

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:39 [iexplore.exe]

FilePath : C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\

ProcessID : 3152

ThreadCreationTime : 21-10-2005 11:55:56

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:40 [hpzipm12.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2296

ThreadCreationTime : 21-10-2005 11:57:58

BasePriority : Normal

FileVersion : 8, 0, 0, 0

ProductVersion : 8, 0, 0, 0

ProductName : HP PML

CompanyName : HP

FileDescription : PML Driver

InternalName : PmlDrv

LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company

OriginalFilename : PmlDrv.exe

 

#:41 [iexplore.exe]

FilePath : C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\

ProcessID : 2104

ThreadCreationTime : 21-10-2005 12:00:00

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:42 [iexplore.exe]

FilePath : C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\

ProcessID : 3060

ThreadCreationTime : 21-10-2005 12:04:04

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:43 [iexplore.exe]

FilePath : C:\Arquivos de programas\Internet Explorer\

ProcessID : 3392

ThreadCreationTime : 21-10-2005 12:05:15

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:44 [iexplore.exe]

FilePath : C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\

ProcessID : 3592

ThreadCreationTime : 21-10-2005 12:08:07

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:45 [iexplore.exe]

FilePath : C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\

ProcessID : 3632

ThreadCreationTime : 21-10-2005 12:12:11

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:46 [iexplore.exe]

FilePath : C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\

ProcessID : 3848

ThreadCreationTime : 21-10-2005 12:16:15

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

#:47 [ad-aware.exe]

FilePath : C:\Arquivos de programas\Lavasoft\Ad-Aware SE Personal\

ProcessID : 1060

ThreadCreationTime : 21-10-2005 12:17:36

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:48 [iexplore.exe]

FilePath : C:\Arquivos de programas\Internet Explorer\

ProcessID : 212

ThreadCreationTime : 21-10-2005 12:17:53

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operacional Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : IEXPLORE.EXE

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Surfaccuracy Object Recognized!

Type : File

Data : A0002778.exe

TAC Rating : 5

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{40D55CEB-3382-4F3B-B25F-5E3370B70E02}\RP13\

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : SAcc Application

InternalName : SAcc

LegalCopyright : Copyright © 2004

OriginalFilename : SAcc.EXE

 

 

CoolWebSearch Object Recognized!

Type : File

Data : A0003775.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{40D55CEB-3382-4F3B-B25F-5E3370B70E02}\RP14\

 

 

 

CoolWebSearch Object Recognized!

Type : File

Data : A0003786.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{40D55CEB-3382-4F3B-B25F-5E3370B70E02}\RP14\

 

 

 

CoolWebSearch Object Recognized!

Type : File

Data : A0003790.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{40D55CEB-3382-4F3B-B25F-5E3370B70E02}\RP14\

 

 

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

45 entries scanned.

New critical objects:0

Objects found so far: 21

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

CoolWebSearch Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\downloadmanager

 

CoolWebSearch Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\new windows

Value : PopupMgr

 

CoolWebSearch Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\main

Value : Enable Browser Extensions

 

CoolWebSearch Object Recognized!

Type : RegData

Data : about:blank

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\main

Value : Start Page

Data : about:blank

 

CoolWebSearch Object Recognized!

Type : RegData

Data : about:blank

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\main

Value : Start Page

Data : about:blank

 

CoolWebSearch Object Recognized!

Type : File

Data : desktop.html

TAC Rating : 10

Category : Malware

Comment :

Object : C:\WINDOWS\

 

 

 

CoolWebSearch Object Recognized!

Type : File

Data : wbemess.log

TAC Rating : 10

Category : Malware

Comment :

Object : C:\WINDOWS\system32\wbem\logs\

 

 

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 7

Objects found so far: 28

 

10:26:11 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:06:51.860

Objects scanned:112446

Objects identified:11

Objects ignored:0

New critical objects:11


Topic Archived

As the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
