Deckard's System Scanner v20071014.68
Run by ECG on 2008-02-05 18:13:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-02-05 18:13:08 UTC - RP1 - System checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as ECG.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:12, on 05-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programas\Spyware Doctor\pctsAuxs.exe
C:\Programas\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Google\Gmail Notifier\gnotify.exe
C:\Programas\Spyware Doctor\pctsTray.exe
C:\Programas\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programas\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Documents and Settings\ECG\Ambiente de trabalho\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ECG.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://acesso.clix.pt/free/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programas\Crawler\Toolbar\ctbr.dll
O1 - Hosts: 102.54.94.97 rino.acme.com # source server
O1 - Hosts: 38.25.63.10 x.acme.com # x client host
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programas\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programas\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programas\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programas\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programas\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.clix.pt
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06DF2878-B8C5-4753-9C7A-ED35CAEB57A0}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{793B74FF-742B-47B3-A192-1E8E407358DF}: NameServer = 195.23.129.126 194.79.69.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{06DF2878-B8C5-4753-9C7A-ED35CAEB57A0}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{06DF2878-B8C5-4753-9C7A-ED35CAEB57A0}: NameServer = 10.0.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programas\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11163 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys
R3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys
R3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys
S0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys (file missing)
S2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys (file missing)
S3 AdWatchDrv (AW Realtime Driver) - c:\windows\system32\drivers\awrtpd.sys
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys (file missing)
S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys (file missing)
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys (file missing)
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys (file missing)
S3 FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter Driver for NT) - c:\windows\system32\drivers\fetnd5.sys (file missing)
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys
S3 NAVENG - c:\progra~1\fichei~1\symant~1\virusd~1\20051214.017\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\fichei~1\symant~1\virusd~1\20051214.017\navex15.sys (file missing)
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys (file missing)
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\programas\bonjour\mdnsresponder.exe
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\programas\spyware terminator\sp_rsser.exe"
S2 SBService (ScriptBlocking Service) - c:\progra~1\fichei~1\symant~1\script~1\sbserv.exe (file missing)
S2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe (file missing)
S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\magix\common\database\bin\fbserver.exe
S3 FLEXnet Licensing Service - "c:\programas\ficheiros comuns\macrovision shared\flexnet publisher\fnplicensingservice.exe"

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_78\3&267A616A&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021106&REV_78\3&267A616A&0&90
Service: FETNDISB

-- Scheduled Tasks -------------------------------------------------------------

2008-02-05 17:25:14      364 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-02-05 17:14:42      322 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2008-01-05 and 2008-02-05 -----------------------------

2008-02-04 15:54:39        0 d-------- C:\Programas\Panda Security
2008-02-03 20:31:30   138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-03 18:09:00        0 d-------- C:\Programas\Crawler
2008-02-03 18:08:51        0 d-------- C:\Documents and Settings\ECG\Application Data\Spyware Terminator
2008-02-03 18:08:51        0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-03 18:08:46        0 d-------- C:\Programas\Spyware Terminator
2008-02-03 17:52:24        0 d-------- C:\Programas\Enigma Software Group
2008-02-03 17:33:33        0 d-------- C:\Programas\IObit
2008-02-02 16:55:40        0 d-------- C:\Programas\VS Revo Group
2008-01-30 21:49:21        0 d-------- C:\Documents and Settings\ECG\.housecall6.6
2008-01-30 10:55:35        0 d-------- C:\WINDOWS\system32\Os Meus Documentos
2008-01-29 14:38:48        0 d-------- C:\Documents and Settings\ECG\Ambiente Trabalho
2008-01-28 15:47:09        0 d-------- C:\Programas\Ficheiros comuns\Symantec Shared
2008-01-27 17:08:37        0 d-------- C:\Programas\Snapfish Foto Álbum
2008-01-23 18:35:50  9699328 --a------ C:\Documents and Settings\ECG\ntuser.dat
2008-01-21 17:43:13        0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-11 17:12:57       88 -r-hs---- C:\WINDOWS\system32\94EBDF6699.sys
2008-01-11 17:11:53        0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-01-11 16:48:30        0 d-------- C:\Programas\Corel
2008-01-11 16:48:20        0 d-------- C:\Documents and Settings\ECG\Application Data\InstallShield

-- Find3M Report ---------------------------------------------------------------

2008-02-05 17:26:03        0 d-------- C:\Programas\Spyware Doctor
2008-02-05 17:16:35   627090 --a------ C:\WINDOWS\system32\perfh016.dat
2008-02-05 17:16:35   109896 --a------ C:\WINDOWS\system32\perfc016.dat
2008-02-03 17:03:14        0 d-------- C:\Programas\Trend Micro
2008-02-02 17:04:10        0 d-------- C:\Programas\Real
2008-01-30 14:23:11        0 d-------- C:\Programas\Mozilla Thunderbird
2008-01-28 15:47:09        0 d-------- C:\Programas\Ficheiros comuns
2008-01-24 17:23:46        0 d-------- C:\Programas\TuneUp Utilities 2008
2008-01-22 17:39:48        0 d-------- C:\Documents and Settings\ECG\Application Data\Image Zone Express
2008-01-17 00:53:04     3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-14 17:41:04     1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-01-11 17:51:53        0 d-------- C:\Programas\IrfanView
2008-01-11 17:17:13        0 d-------- C:\Programas\Web Photo Album
2008-01-11 17:14:00        0 d-------- C:\Documents and Settings\ECG\Application Data\Corel
2008-01-06 17:54:03        0 d-------- C:\Documents and Settings\ECG\Application Data\Skype
2008-01-02 16:36:55        0 d-------- C:\Programas\AvRack
2008-01-02 01:08:05        0 d-------- C:\Documents and Settings\ECG\Application Data\w.bloggar
2008-01-02 01:07:50        0 d-------- C:\Programas\w.bloggar
2008-01-01 16:44:05        0 d-------- C:\Programas\Google
2007-12-30 18:33:23        0 d-------- C:\Documents and Settings\ECG\Application Data\Microsoft Web Folders
2007-12-30 18:02:41        0 d-------- C:\Documents and Settings\ECG\Application Data\Spamihilator
2007-12-29 00:08:04        0 d-------- C:\Documents and Settings\ECG\Application Data\Printer Info Cache
2007-12-26 16:40:49        0 d-------- C:\Programas\Microsoft AntiSpyware
2007-12-26 16:40:49        0 d-------- C:\Programas\Messenger
2007-12-25 17:06:06    99965 --a------ C:\WINDOWS\UninstallThunderbird.exe
2007-12-25 17:06:02    11312 --a------ C:\WINDOWS\mozver.dat
2007-12-25 12:35:32        0 d-------- C:\Programas\MSBuild
2007-12-21 17:57:51        0 d-------- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2007-12-10 16:00:37        0 d-------- C:\Programas\Microsoft CAPICOM 2.1.0.2
2007-12-10 13:07:09        0 d-------- C:\Programas\Ficheiros comuns\Logitech
2007-12-10 13:06:42        0 d-------- C:\Programas\Logitech
2007-11-25 16:19:01   203776 --a------ C:\WINDOWS\system32\clrviddc.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04-12-2007 13:00]
"SpeedTouch USB Diagnostics"="C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" [12-11-2002 10:02]
"Windows Defender"="C:\Programas\Windows Defender\MSASCui.exe" [03-11-2006 18:20]
"Ad-Watch"="C:\Programas\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [28-01-2008 20:14]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19-07-2005 17:32]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programas\Google\Gmail Notifier\gnotify.exe" [15-07-2005 21:48]
"ISTray"="C:\Programas\Spyware Doctor\pctsTray.exe" [10-12-2007 14:53]
"SpyHunter Security Suite"="C:\Programas\Enigma Software Group\SpyHunter\SpyHunter3.exe" [23-01-2008 14:47]
"SpywareTerminator"="C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe" [03-02-2008 18:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 12:00]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01-12-2007 17:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t
"Picasa Media Detector"=C:\Programas\Picasa2\PicasaMediaDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoSharedDocuments"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ECG^Menu Iniciar^Programas^Arranque^Corel Print House Registration.lnk]
path=C:\Documents and Settings\ECG\Menu Iniciar\Programas\Arranque\Corel Print House Registration.lnk
backup=C:\WINDOWS\pss\Corel Print House Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ECG^Menu Iniciar^Programas^Arranque^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\ECG\Menu Iniciar\Programas\Arranque\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12Voip]
"C:\Programas\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Programas\Corel\Corel Snapfire\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Programas\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
C:\Garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Programas\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
"C:\Programas\Photo Toolkit\ivbar\phototoolkitmem.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programas\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Programas\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Programas\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Programas\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Programas\Logitech\Video\ManifestEngine.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Programas\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Programas\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programas\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programas\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Programas\SiteAdvisor\5020\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programas\Java\j2re1.4.2_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Programas\Google\Gmail Notifier\gnotify.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"VTTimer"=VTTimer.exe
"VTTrayp"=VTtrayp.exe
"TkBellExe"="C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER

-- Hosts -----------------------------------------------------------------------

102.54.94.97 rino.acme.com # source server
38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

-- End of Deckard's System Scanner: finished at 2008-02-05 18:18:30 ------------
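The log above is raw HijackThis output with no commentary. The Python below is an added example, not part of the posted log and not HijackThis code, that runs the first-pass checks a log helper usually applies, over a handful of entry lines copied verbatim from this log (the sample is constructed for the example): R0/R1 search or start URLs whose host is outside an expected set (here that surfaces the crawler.com URLs, which carry the same tbid as the Crawler Toolbar ctbr.dll listed under R3, O2, O3 and O18), O1 hosts entries other than localhost (the two in this log match the example lines that the default Windows hosts file ships commented out; they are listed because they are active), O17 DNS servers outside private and loopback ranges (to compare against what the ISP should be handing out; a public resolver is not malicious by itself), and O23 services whose binary is marked "(file missing)". The EXPECTED_SEARCH_HOSTS set and the wording of each finding are assumptions for the reader to adjust.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: a few entry lines copied from the posted log above.
# Raw string so the registry backslashes stay literal.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 102.54.94.97 rino.acme.com # source server
O17 - HKLM\System\CCS\Services\Tcpip\..\{06DF2878-B8C5-4753-9C7A-ED35CAEB57A0}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{793B74FF-742B-47B3-A192-1E8E407358DF}: NameServer = 195.23.129.126 194.79.69.222
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: hosts the analyst accepts as browser defaults. Any other host in
# an R0/R1 line is reported, which is what surfaces the crawler.com entries.
EXPECTED_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

HJT_ENTRY = re.compile(r"^([RO]\d+) - (.*)$")


def parse(log_text):
    """Yield (code, body) for each HijackThis entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def check_search(body):
    """R0/R1: the value after '=' is a URL; report hosts outside the expected set."""
    _, _, url = body.partition("=")
    host = urlparse(url.strip()).hostname  # None for an empty value or about:blank
    if host and host not in EXPECTED_SEARCH_HOSTS:
        return f"search/start URL points at {host}"
    return None


def check_hosts(body):
    """O1: any active hosts entry other than localhost is worth a look."""
    fields = body.partition("Hosts:")[2].split()
    if len(fields) >= 2 and fields[1].lower() != "localhost":
        return f"hosts file maps {fields[1]} to {fields[0]}"
    return None


def check_nameserver(body):
    """O17: list DNS servers outside private/loopback ranges so they can be
    compared with the ISP's; a public resolver is not malicious by itself."""
    m = re.search(r"NameServer\s*=\s*(.*)$", body)
    if not m:
        return None
    public = []
    for token in re.split(r"[\s,]+", m.group(1).strip()):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue
        if not (addr.is_private or addr.is_loopback):
            public.append(token)
    return f"non-private DNS servers: {' '.join(public)}" if public else None


def check_service(body):
    """O23: a registered service whose binary is gone is a stale leftover."""
    return "service binary missing" if body.endswith("(file missing)") else None


CHECKS = {
    "R0": check_search,
    "R1": check_search,
    "O1": check_hosts,
    "O17": check_nameserver,
    "O23": check_service,
}


def triage(log_text):
    """Run the per-code checks and return the entries that deserve attention."""
    findings = []
    for code, body in parse(log_text):
        check = CHECKS.get(code)
        reason = check(body) if check else None
        if reason:
            findings.append({"code": code, "reason": reason, "entry": body})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:4} {f['reason']}\n     {f['entry']}")
```

Run against the full log, the same checks also pick up the second O1 line (x.acme.com), the TmPfw service marked "(file missing)", and the other crawler.com R0/R1 entries; O2/O3/O4 lines are intentionally left to the reader, since deciding whether a BHO or Run entry belongs is a judgment call that needs the file path and vendor, not a pattern.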