
cws_ns3



#1
rasta11

  • Member
  • 23 posts
I have cws_ns3 on my PC... how can I get rid of it?
Please help...
  • 0



#2
-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Your computer has a number of spyware programs that we need to remove. For more info on spyware see the Spyware Tools link in my signature.

Let's start with a couple of free programs:
CWShredder is the first to run. Here's why: If a CoolWebSearch variant is indeed running on your system, it may actually prevent you from running spyware scans. It is smart enough to detect efforts to detect it, and stop them. Download CWShredder to your desktop or other location. Close all browser windows, double click the CWShredder icon to run, then click the Fix -> button. When finished, reboot and run Spybot Search & Destroy.

Spybot Search & Destroy: Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu. Click the Search for updates button; if any are found, click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.

When finished, Reboot your computer.

CLICK HERE to download CWShredder
CLICK HERE to download Spybot S&D


Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

-=jonnyrotten=- <_<
  • 0

#3
rasta11

  • Topic Starter
  • Member
  • 23 posts
Thanks... I'm gonna try that...
  • 0

#4
rasta11

  • Topic Starter
  • Member
  • 23 posts
Logfile of HijackThis v1.98.2
Scan saved at 21:20:57, on 01-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\FaxSetup.log:lhfpo
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Programas\Ahead\InCD\InCD.exe
C:\Programas\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\iptz32.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\bplhazr.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\win xp\Application Data\sohe.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\win xp\Os meus documentos\Rui\Diversos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lkxxy.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C45410F7-1A22-A509-8145-C396D0E0B9E0} - C:\WINDOWS\system32\apixg32.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [window rule] C:\PROGRA~1\MATHRE~1\gram third.exe
O4 - HKLM\..\Run: [deadtransjugscamp] C:\Documents and Settings\All Users\Application Data\FunkAcidDeadTrans\CopyAcid.exe
O4 - HKLM\..\Run: [iptz32.exe] C:\WINDOWS\system32\iptz32.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [omlhqflrqlvee] C:\WINDOWS\System32\bplhazr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aubc] C:\Documents and Settings\win xp\Application Data\sohe.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O12 - Plugin for .mpg: C:\Programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093539524156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - C:\WINDOWS\System32\vbsys.dll

thanks again..
  • 0

#5
-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Please download About:Buster and unzip it to your desktop. Start it, hit OK, Start, and OK again to start the scan. It will generate a log. Post that log along with a new HijackThis log here.

Download About:Buster here: http://www.softpedia...load-13127.html

-=jonnyrotten=- <_<
  • 0

#6
rasta11

  • Topic Starter
  • Member
  • 23 posts
-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 7 Random Key Entries
Deleted 2 Service Keys Successfully!
Removed! : C:\WINDOWS\jgocm.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 6 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
  • 0

#7
rasta11

  • Topic Starter
  • Member
  • 23 posts
Logfile of HijackThis v1.98.2
Scan saved at 21:58:26, on 01-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\FaxSetup.log:lhfpo
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Programas\Ahead\InCD\InCD.exe
C:\Programas\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\iptz32.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\bplhazr.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\win xp\Application Data\sohe.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\win xp\Os meus documentos\Rui\Diversos\Nova pasta\AboutBuster\AboutBuster.exe
C:\Documents and Settings\win xp\Os meus documentos\Rui\Diversos\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kbguvygeg...d42YPwFkgIn.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C45410F7-1A22-A509-8145-C396D0E0B9E0} - C:\WINDOWS\system32\apixg32.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [window rule] C:\PROGRA~1\MATHRE~1\gram third.exe
O4 - HKLM\..\Run: [deadtransjugscamp] C:\Documents and Settings\All Users\Application Data\FunkAcidDeadTrans\CopyAcid.exe
O4 - HKLM\..\Run: [iptz32.exe] C:\WINDOWS\system32\iptz32.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [omlhqflrqlvee] C:\WINDOWS\System32\bplhazr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aubc] C:\Documents and Settings\win xp\Application Data\sohe.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O12 - Plugin for .mpg: C:\Programas\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093539524156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - C:\WINDOWS\System32\vbsys.dll
  • 0

#8
-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Please download GetService.zip
Extract it to a new folder on the desktop. Double-click the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
getservice.txt will list all active services. Copy and paste the contents of getservice.txt in your next reply here. From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work.

-=jonnyrotten=- <_<
  • 0

#9
rasta11

  • Topic Starter
  • Member
  • 23 posts
PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifica utilizadores e computadores seleccionados de alertas administrativos. Se este serviço estiver parado, os programas que utilizam alertas administrativos não os irão receber. Se este serviço estiver desactivado, quaisquer serviços que dependam dele explicitamente não serão iniciados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerta
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Fornece suporte para plug-ins de protocolos de outros fabricantes para a 'Partilha de ligação à Internet' e o 'Firewall de ligação à Internet'
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de gateway de camada de aplicação
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Fornece serviços de instalação de software como, por exemplo, atribuir, publicar e remover.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestão de aplicações
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Gere dispositivos de áudio para programas baseados no Windows. Se este serviço for parado, os efeitos e dispositivos de áudio não irão funcionar correctamente. Se este serviço for desactivado, o início dos serviços de que dependem explicitamente irá falhar.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Áudio do Windows
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Utiliza a largura de banda inactiva da rede para transferir dados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de transferência inteligente em fundo
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
Mantém uma lista actualizada de computadores na rede e fornece-a aos computadores designados por browsers. Se este serviço estiver parado, esta lista não será actualizada ou mantida. Se este serviço estiver desactivado, quaisquer serviços que dependam dele explicitamente não serão iniciados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Browser de computador
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Conteúdo de índices e propriedades de ficheiros em computadores locais e remotos; possibilita o rápido acesso a ficheiros através de uma linguagem de consulta flexível.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de indexação
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Permite que o 'Visualizador da área de armazenamento' armazene informações e as pçartilhe com computadores remotos. Se o serviço for parado, o 'Visualizador da área de armazenamento' não poderá partilhar informações com computadores remotos. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Gere a configuração e o controlo de componentes baseados no Component Object Model (COM)+. Se este serviço for parado, a maior parte dos componentes baseados no COM+ não funcionará correctamente. Se este serviço for desactivado, quaisquer serviços que dependam explicitamente dele não conseguirão ser inicializados.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Aplicação de sistema COM+
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Fornece três serviços de gestão: 'Serviço de catalogação de bases de dados', que confirma as assinaturas de ficheiros do Windows; 'Serviço de protecção de raiz', que adiciona e remove certificados de 'Autoridade de certificação de raiz fiável' deste computador e o 'Serviço de chaves' que ajuda a inscrever este computador para certificados. Se este serviço for parado, estes serviços de gestão não irão funcionar correctamente. Se este serviço estiver desactivado, quaisquer serviços que dependam dele explicitamente não irão iniciar correctamente.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviços criptográficos
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Gere a configuração da rede registando e actualizando endereços IP e nomes DNS.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Cliente DHCP
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configura unidades e volumes de disco rígido. O serviço só é executado para processos de configuração e depois pára.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço administrativo de gestão de discos lógicos
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detecta e supervisiona as novas unidades de discos e envia informações sobre o volume de discos para o serviço administrativo de gestão de discos lógicos para configuração. Se este serviço for parado, as informações de estado de discos dinâmicos e de configuração podem ficar desactualizadas. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestor de discos lógicos
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolve e coloca na cache os nomes DNS (Domain Name System) para este computador. Se este serviço estiver parado, este computador não será capaz de resolver os nomes de DNS e localizar os controladores de domínio Active Directory. Se este serviço estiver desactivado, quaisquer serviços que dependam dele explicitamente não serão iniciados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Cliente DNS
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Permite o relato de erros para serviços e aplicações a serem executados em ambientes não padrão.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de relato de erros
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Activa mensagens do registo de eventos emitidas por programas baseados no Windows e componentes a apresentar no 'Visualizador de eventos'. Este serviço não pode ser parado.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Registo de eventos
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Suporta o serviço de notificação de eventos do sistema (SENS), que fornece a distribuição automática de eventos para subscrever componentes Component Object Model (COM). Se o serviço for parado, o SENS será encerrado e não poderá fornecer notificações de início e de fim de sessão. Se este serviço for desactivado, quaisquer serviços que dependam explicitamente do mesmo não conseguirão ser inicializados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : Sistema de eventos do COM+
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Fornece a gestão para as aplicações que requerem assistência num ambiente de vários utilizadores.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Compatibilidade de 'Mudança rápida de utilizador'
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Activa o Centro de ajuda e suporte para ser executado neste computador. Se este serviço for parado, o Centro de ajuda e suporte não estará disponível. Se este serviço estiver desactivado, todos os serviços que dependem explicitamente dele não vão iniciar.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Ajuda e suporte
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Fornece acesso por entrada genérica a dispositivos de interface humana (HID), que activa e mantém a utilização de botões de acesso directo em teclados, controlos remotos e outros dispositivos de multimédia. Se este serviço for parado, os botões de acesso directo controlados por este serviço deixarão de funcionar. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Acesso a dispositivos de interface humana
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Gere a gravação de CD utilizando a IMAPI (Image Mastering Applications Programming Interface). Se este serviço for parado, este computador não conseguirá gravar CDs. Se este serviço estiver desactivado, quaisquer serviços que dependam explicitamente do mesmo não conseguirão ser iniciados.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço COM de gravação de CD de IMAPI
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: InCDsrv
Helper service for the InCD filesystem driver
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Programas\Ahead\InCD\InCDsrv.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : InCD Helper
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Irmon
Suporta dispositivos de infravermelhos instalados no computador e detecta outros dispositivos que estejam no raio de acção.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Monitor de infravermelhos
DEPENDENCIES : irda
: RpcSs
: TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Suporta a partilha de ficheiros, de impressão e de pipes com nome sobre a rede para este computador. Se este serviço estiver parado, estas funções não estarão disponíveis. Se este serviço estiver desactivado, quaisquer serviços que dependam dele explicitamente não serão iniciados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Servidor
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Cria e mantém clinte de ligações de rede a servidores remotos. Se este serviço estiver parado, estas ligações estarão indisponíveis. Se este serviço estiver desactivado, quaisquer serviços que dependam dele explicitamente não serão iniciados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Estação de trabalho
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Activa o suporte para o serviço NetBIOS em TCP/IP (NetBT) e para a resolução de nomes NetBIOS.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Programa auxiliar TCP/IP NetBIOS
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: MDM
Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Machine Debug Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
Envia mensagens de serviço de 'Alerter' e 'net send' entre clientes e servidores. Este serviço não está relacionado com o Windows Messenger. Se este serviço estiver parado, as mensagens de 'Alerter' não serão enviadas. Se este serviço estiver desactrivado, quaisquer serviços que dependam dele explicitamente não serão iniciados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Permite às pessoas autorizadas aceder remotamente ao seu ambiente de trabalho do Windows utilizando o NetMeeting.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Partilha remota do ambiente de trabalho do NetMeeting
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordena transacções que expandem vários gestores de recursos, tais como bases de dados, filas de mensagens e sistemas de ficheiros. Se este serviço for parado, estas transacções não ocorrerão. Se este serviço estiver desactivado, quaisquer serviços que dependam explicitamente do mesmo vão falhar.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : DTC (Coordenador de transacções distribuídas)
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSIServer
Instala, repara e remove software de acordo com as instruções contidas nos ficheiros .MSI.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Fornece transporte e segurança de rede para intercâmbio dinâmico de dados (DDE) para programas em execução no mesmo computador ou em computadores diferentes. Se este serviço for parado, o transporte e segurança de DDE não estarão disponíveis. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Rede DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Gere partilhas de rede de intercâmbio dinâmico de dados (DDE). Se este serviço for parado, as partilhas de rede DDE não estarão disponíveis. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Rede DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Rede DDE DSDM
: m
: Rede DDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Suporta a autenticação pass-through dos eventos de início de sessão de conta para os computadores num domínio.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Início de sessão de rede
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Gere objectos na pasta 'Ligações de acesso telefónico e de rede', na qual pode ver os locais das ligações da área da rede local e remota.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Ligações de rede
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Recolhe e armazena informações de configuração e localizações da rede e notifica as aplicações quando estas informações são alteradas.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Identificação da localização na rede (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Fornece segurança a programas de chamada de procedimento remoto (RPC) que utilizam transportes que não sejam pipes nomeados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Armazenamento amovível
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NVSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\nvsvc32.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NVIDIA Driver Helper Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

Error querying status of O?’ŽrtñåȲ$Ó on \\GSYK4K94G95SHT0:
SERVICE_NAME: ose
Guarda ficheiros de instalação utilizados para actualizações e reparações, sendo necessário para a transferência de actualizações do programa de configuração e relatórios de erros do utilitário Watson.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Permite que um computador identifique e se adapte a alterações de hardware com pouca ou nenhuma interactividade do utilizador. A paragem ou desactivação deste serviço resultará na instabilidade do sistema.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Gere a política de segurança IP e inicia o ISAKMP/Oakley (IKE) e o controlador de segurança IP.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviços IPSEC
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Fornece armazenamento para dados importantes como, por exemplo, chaves privadas, de forma a impedir o acesso de serviços, processos ou utilizadores não autorizados.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Armazenamento protegido
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Cria uma ligação a uma rede remota sempre que um programa referencia um DNS remoto, ou um nome ou endereço NetBIOS.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestor de ligação automática de acesso remoto
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Cria uma ligação de rede.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestor de ligação de acesso remoto
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Gere e controla a 'Assistência remota'. Se este serviço for parado, a 'Assistência remota' não irá estar disponível. Antes de parar este serviço, consulte o separador 'Dependências' da caixa de diálogo 'Propriedades'.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestor de sessões de ajuda do 'Ambiente de trabalho remoto'
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Disponibiliza serviços de encaminhamento a empresas em ambientes de rede local e alargada.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Encaminhamento e acesso remoto
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Gere a base de dados de serviço de nomes de RPC.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Localizador RPC (Remote Procedure Call)
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Fornece um mapeador de pontos finais e outros serviços RPC.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Chamada de procedimento remoto (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Fornece a sinalização de rede e a função de configuração de controlo do trânsito local para programas que utilizem QoS e aplicações de controlo.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Armazena as informações de segurança para as contas de utilizador locais.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Gestor de contas de segurança
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
Activa o suporte para leitores de smart cards não plug-and-play utilizados por este computador. Se parar este serviço, este computador não irá suportar leitores que não sejam plug-and-play. Se este serviço estiver desactivado, não será possível iniciar quaisquer serviços que dele dependam explicitamente.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Ajuda do smart card
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: SCardSvr
Gere o acesso a smart cards lidas pelo computador. Se parar este serviço, não será possível a este computador ler smart cards. Se este serviço for desactivado, não será possível iniciar quaisquer serviços que dele dependam explicitamente.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Permite a utilizador configurar e agendar tarefas automatizadas neste computador. Se este serviço estiver parado, estas tarefas não serão executadas nas horas agendadas. Se este serviço estiver desactivado, qualquer serviço que dependa explicitamente dele não será inciado.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Programador de tarefas
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Activa processos de início sob credenciais alternativas. Se parar este serviço, este tipo de acesso de início de sessão estará indisponível. Se este serviço for desactivado, quaisquer serviços que dele dependem explicitamente falharão ao iniciar.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Início de sessão secundário
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Regista os eventos do sistema como, por exemplo, início de sessão do Windows, rede e eventos de alimentação. Notifica os subscritores do sistema de eventos COM+ desses eventos.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : Notificação de evento de sistema
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Fornece conversão de endereços de rede, endereçamento, resolução de nomes e/ou serviços de prevenção de intrusões para uma rede de pequeno escritório ou doméstica.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Firewall de ligação à Internet(ICF) / Partilha de ligação à Internet (ICS)
DEPENDENCIES : Netman
: NLA
: RasMan
: ALG
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Detecção de hadrware da shell
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Carrega ficheiros para a memória para imprimir mais tarde.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Spooler de impressão
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Executa funções de restauro do sistema. Para parar o serviço, desactive a opção 'Restauro do sistema' a partir do separador 'Restauro do sistema' em 'O meu computador'->'Propriedades'
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de 'Restauro do sistema'
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Permite a identificação de dispositivos UPnP na rede doméstica.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de identificação SSDP
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Fornece serviços de aquisição de imagem para scanners e câmaras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Gere cópias sombra baseadas em software criadas pelo serviço de cópia sombra de volumes. Se este serviço for parado, não é possível gerir as cópias sombra baseados em software. Se este serviço for desactivado, quaisquer serviços que dependam explicitamente dele não conseguirão arrancar.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{290063EA-6BB2-488D-AE96-1EE2CC9A4095}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Recolhe dados de desempenho de computadores locais ou remotos baseados em parâmetros de agendamento pré-configurados e, em seguida, grava os dados num registo ou activa um alerta. Se este serviço for parado, as informações de desempenho não serão recolhidas. Se este serviço for desactivado, os serviços que dependem explicitamente dele não serão iniciados.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alertas e registos de desempenho
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Fornece suporte de Telephony API (TAPI) para programas que controlam dispositivos telefónicos e ligações de voz com base em IP no computador local e através da rede local em servidores com o serviço em execução.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Dispositivos telefónicos
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Permite a múltiplos utilizadores estarem ligados interactivamente a um computador bem como mostrar os ambientes de trabalho e aplicações a computadores remotos. É o que está por detrás do 'Ambiente de trabalho remoto' (incluindo RD para administradores), 'Mudança rápida de utilizador', 'Assistência remota' e 'Servidor de terminais'.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviços de terminal
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Fornece a gestão de temas por parte dos utilizadores.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Temas
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TrkWks
Mantém hiperligações entre ficheiros NTFS num computador ou em vários computadores num domínio de rede.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cliente de Distributed Link Tracking
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: uploadmgr
Gere transferências de ficheiros síncronas e [bleep]íncronas entre clientes e servidores na rede. Se este serviço for parado, as transferências de ficheiros síncronas e [bleep]íncronas entre clientes e servidores na rede não vão ocorrer. Se este serviço for desactivado, todos os serviços que dependem explicitamente dele não vão conseguir ser iniciados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Upload Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: upnphost
Fornece suporte para hospedar dispositivos Universal Plug and Play.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Anfitrião de dispositivos Universal Plug and Play
DEPENDENCIES : SSDPSRV
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Gere uma fonte de alimentação ininterrupta (UPS) ligada ao computador.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fonte de alimentação ininterrupta
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
Gere e implementa cópias de mirror de volume utilizadas para cópia de segurança, entre outros propósitos. Se este serviço for parado, as cópias de mirror não estarão disponíveis para cópia de segurança e esta poderá falhar. Se este serviço estiver desactivado, não será possível iniciar qualquer serviço que dependa explicitamente dele.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cópia sombra de volume
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Gere a sincronização da data e da hora de todos clientes e servidores na rede. Se este serviço parar, a sincronização de data e hora deixará de estar disponível. Se este serviço estiver desactivado, não será possível iniciar quaisquer serviços que dependam explicitamente dele.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Hora do Windows
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
Permite que os programas baseados no Windows criem, acedam e modifiquem ficheiros baseados na Internet. Se este serviço estiver parado, estas funções não estarão disponíveis. Se este serviço estiver desactivado, qualquer serviço que dependa explicitamente dele não será inciado.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Fornece uma interface comum e modelo de objecto para aceder a informação de gestão de acesso acerca do sistema operativo, dispositivos, aplicações e serviços. Se este serviço for parado, a maioria do software baseado em Windows não irá funcionar correctamente. Se este serviço estiver desactivado, quaisquer serviços que dependam explicitamente dele não conseguirão iniciar.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI (Instrumento de gestão do Windows)
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSp
Obtém o número de série de um leitor de música portátil ligado ao computador
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Número de série de multimédia portátil
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Fornece informações de biblioteca de desempenho a partir de fornecedores HiPerf de WMI.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Adaptador de desempenho WMI
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Permite a transferência e instalação de actualizações do Windows. Se este serviço estiver desactivado, este computador não conseguirá utilizar a funcionalidade de actualizações automáticas nem o website Windows Update.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Actualizações automáticas
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Fornece configuração automática aos adaptadores 802.11
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Configuração zero sem fios
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem
  • 0

#10
-=jonnyrotten=-


    Member 2k

  • Retired Staff
  • 2,678 posts
You may have done some of this stuff already, so just skip over the parts that tell you to download certain programs and just run them again when instructed to.

Print out these instructions so you have them handy as some of the steps need to be done in safe mode and you may not be able to go online. We need IE to remain closed throughout the process. With that in mind, read through the instructions and download all necessary files ahead of time. Opening IE may cause the fix to fail.

1. Download AboutBuster. Unzip it to c:\aboutbuster but don't run it yet; we'll do that later on down this list in SAFE MODE.
2. Reboot to Safe Mode => How do I boot into safe mode?
3. Make sure your PC is configured to show hidden files. Open Windows Explorer & Go to "Tools" => "Folder Options". Click on the "View" tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK"

4. Next, go to Start => Run and type "Services.msc" (without quotes) then hit Ok. Scroll down and find the service called
"Network Security Service" or "Workstation NetLogon Service" or "Remote Procedure Call (RPC) Helper". In your case it looks like "ose":

Error querying status of O?’ŽrtñåȲ$Ó on \\GSYK4K94G95SHT0:
SERVICE_NAME: ose
Guarda ficheiros de instalação utilizados para actualizações e reparações, sendo necessário para a transferência de actualizações do programa de configuração e relatórios de erros do utilitário Watson.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem


When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.
5. Press control-alt-delete to get into the task manager and end the following processes if they exist:

iptz32.exe
bplhazr.exe
sohe.exe
WinSync.exe

6. Now close all open windows AND browsers, run HijackThis and put checks next to all the following, then click "Fix Checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.kbguvygeg...d42YPwFkgIn.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C45410F7-1A22-A509-8145-C396D0E0B9E0} - C:\WINDOWS\system32\apixg32.dll
O4 - HKLM\..\Run: [iptz32.exe] C:\WINDOWS\system32\iptz32.exe
O4 - HKLM\..\Run: [omlhqflrqlvee] C:\WINDOWS\System32\bplhazr.exe
O4 - HKCU\..\Run: [Aubc] C:\Documents and Settings\win xp\Application Data\sohe.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - C:\WINDOWS\System32\vbsys.dll

7. Delete the following files if present (If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.):

C:\WINDOWS\system32\apixg32.dll
C:\WINDOWS\system32\iptz32.exe
C:\WINDOWS\System32\bplhazr.exe
C:\Documents and Settings\win xp\Application Data\sohe.exe

8. Next, we will remove the offending service. Go to Start->Run and type Regedit then click Ok.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
and highlight Services in the left pane. In the right pane, look for any of these entries named as:
"Network Security Service" or "Workstation NetLogon Service" or "Remote Procedure Call (RPC) Helper" or "ose"

If any are listed, right-click that entry in the right pane and choose Delete.

Again in Regedit, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root and highlight Root in the Left Pane. In the right pane, look for any entries like this:
"LEGACY Network Security Service" or "LEGACY Workstation NetLogon Service" or "LEGACY Remote Procedure Call (RPC) Helper" or "ose"

If you find it, right-click it in the right-pane and choose delete.
If you have trouble deleting a key, click once on the key name to highlight it and click on the Permission menu option under Security or Edit. Then uncheck "Allow inheritable permissions" and press copy. Then click on everyone and put a checkmark in "full control". Then press apply and ok and attempt to delete the key again.

9. Browse to c:\aboutbuster and double click on aboutbuster.exe. When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so. When finished, press the "Save log" button. I will want a copy of that log after all steps are completed here.
10. Copy the contents of the Quote Box to Notepad. Name the file as fix.reg. Change the Save as Type to All Files. Save this file on the desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""


Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

11. Run Ad-Aware with the latest update.
  • Download the latest version of Ad-Aware (Ad-Aware SE Build 1.03).
  • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  • Once the definitions have been updated:
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • "Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol) and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Always try to unload modules before deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.
12. Clean out temporary and temporary Internet files. Go to "Start" => "Run" and type in the box: "cleanmgr". Let it scan your system for files to remove. Make sure these 3 are checked and then press "ok" to remove:
Temporary Files
Temporary Internet Files
Recycle Bin

13. Reboot to normal mode.
14. Replace Deleted Files
It is also possible that the infection may have deleted up to three files from your system. If these files are present, to be safe I suggest you overwrite them with a new copy.

Go here and download the version of control.exe for your operating system. If you are running Windows 2000, copy it to c:\winnt\system32\. For Windows XP, copy it to c:\windows\system32\.

Download the Hoster from here. Press 'Restore Original Hosts' and press 'OK'.
Exit Program.

If you have Spybot S&D installed you may also need to replace one file.
Go here and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy).

Additionally, please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your ActiveX security settings in IE as recommended.
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt'; set the second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe' to 'Disable'.

15. Do an online scan at TrendMicro's site. Let it remove any infected files found.
16. Finally, when you are all done, please post the new HJT log and the AboutBuster log here for review.

-=jonnyrotten=- <_<
  • 0



#11
rasta11

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ok, thanks... I will try that... I hope to do everything right...
thanks again for the help <_<
  • 0

#12
-=jonnyrotten=-

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Very Important...

Please make sure you do not open IE for any reason, connect to the internet, or reboot your computer until the instructions tell you to. If you do any of these we will need to start over from the beginning. I hope you see this in time....


-=jonnyrotten=- <_<
  • 0

#13
rasta11

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
can someone help me with cws_ns3?
thanks
  • 0

#14
Smokey

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Download Ad-aware from: http://www.lavasoft.de/res/aaw6.exe

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
  • Automatically save log-file

  • Automatically quarantine objects prior to removal

  • Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
  • Scan Within Archives

  • Scan Active Processes

  • Scan Registry

  • Deep Scan Registry

  • Scan my IE favorites for banned URL’s

  • Scan my Hosts file

  • Under Click here to select drives + folders, choose:

  • All of your hard drives
-> Click on the Advanced button on the left and select:
  • Include additional process information

  • Include additional file information

  • Include environment information

  • Include additional object details
-> Click the Tweak button and select:
  • Under the Scanning Engine:
    • Unload recognized processes during scanning
    • Include basic Ad-aware settings in logfile
    • Include additional Ad-aware settings in logfile
  • Under the Cleaning Engine:
    • Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
  • Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer and post a hijackthis log. See the "HiJackThis Guide" link in my signature.
  • 0

#15
rasta11

rasta11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :sábado, 2 de Outubro de 2004 16:12:24
Created with Ad-aware Personal, free for private use.
Using reference-file :01R342 25.09.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R217 08.09.2003
Internal build : 107
File location : C:\Programas\Lavasoft\Ad-aware 6\reflist.ref
Total size : 574398 Bytes
Signature data size : 563299 Bytes
Reference data size : 11035 Bytes
Signatures total : 12937
Target categories : 10
Target families : 267
02-10-2004 16:04:46 Performing Webupdate...

Installing Update...
Reference file loaded:
Reference Number : 01R342 25.09.2004
Internal build : 276
File location : C:\Programas\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1347890 Bytes
Signature data size : 1325938 Bytes
Reference data size : 21888 Bytes
Signatures total : 29315
Target categories : 10
Target families : 558

02-10-2004 16:05:50 Success.
Update successfully downlodaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:33 %
Total physical memory:261616 kb
Available physical memory:84524 kb
Total page file size:632064 kb
Available on page file:448256 kb
Total virtual memory:2097024 kb
Available virtual memory:2047236 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


02-10-2004 16:12:24 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 02-10-2004 14:59:17
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 14:59:19
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 14:59:20
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 14:59:20
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Aplica
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Sistema operativo Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 14:59:20
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 14:59:21
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 14:59:21
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:8 [incdsrv.exe]
FilePath : C:\Programas\Ahead\InCD\
ThreadCreationTime : 02-10-2004 14:59:21
BasePriority : Normal
FileSize : 784 KB
FileVersion : 4, 1, 0, 1
ProductVersion : 4, 1, 0, 1
Copyright : Copyright
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
OriginalFilename : incdsrv.exe
ProductName : AHEAD Software incdsrv
Created on : 23-07-2004 10:08:52
Last accessed : 02-10-2004 14:59:16
Last modified : 13-12-2003 4:43:02

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 14:59:22
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 14:59:22
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 14:59:23
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:12 [mdm.exe]
FilePath : C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\
ThreadCreationTime : 02-10-2004 14:59:23
BasePriority : Normal
FileSize : 314 KB
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft
Created on : 19-06-2003 22:25:00
Last accessed : 02-10-2004 14:59:16
Last modified : 19-06-2003 22:25:00

#:13 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 14:59:23
BasePriority : Normal
FileSize : 60 KB
FileVersion : 6.13.10.3082
ProductVersion : 6.13.10.3082
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 30.82
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 30.82
Created on : 05-05-2003 10:27:37
Last accessed : 02-10-2004 14:59:16
Last modified : 05-05-2003 10:27:37

#:14 [lhfpo]
FilePath : C:\WINDOWS\FaxSetup.log:
ThreadCreationTime : 02-10-2004 14:59:23
BasePriority : Normal


#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 02-10-2004 14:59:27
BasePriority : Normal
FileSize : 982 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Explorador do Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 15:03:30
Last modified : 25-04-2003 12:00:00

#:16 [pctspk.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 14:59:28
BasePriority : Normal
FileSize : 176 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 2001
FileDescription : pctvoice MFC Application
InternalName : pctvoice
OriginalFilename : pctvoice.EXE
ProductName : pctvoice Application
Created on : 25-06-2004 11:03:03
Last accessed : 02-10-2004 14:59:16
Last modified : 24-04-2003 11:15:50

#:17 [pv92tray.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 14:59:28
BasePriority : Normal
FileSize : 132 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright © 2002
CompanyName : PCtel Inc.
FileDescription : PTV92Tray Application
InternalName : PTV92Tray
OriginalFilename : PTV92Tray.EXE
ProductName : PTV92Tray Application
Created on : 25-06-2004 11:03:03
Last accessed : 02-10-2004 14:59:28
Last modified : 24-04-2003 11:35:02

#:18 [incd.exe]
FilePath : C:\Programas\Ahead\InCD\
ThreadCreationTime : 02-10-2004 14:59:28
BasePriority : Normal
FileSize : 1212 KB
FileVersion : 4, 1, 0, 1
ProductVersion : 4, 1, 0, 1
Copyright : Copyright © Ahead Software 1996-2003, Karlsbad, Germany
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
OriginalFilename : InCD.exe
ProductName : InCD
Created on : 23-07-2004 10:08:52
Last accessed : 02-10-2004 14:59:16
Last modified : 13-12-2003 4:43:32

#:19 [msgplus.exe]
FilePath : C:\Programas\Messenger Plus! 3\
ThreadCreationTime : 02-10-2004 14:59:28
BasePriority : Normal
FileSize : 156 KB
FileVersion : 3, 0, 0, 92
ProductVersion : 3, 0, 0, 92
Copyright : Copyright © 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 11-08-2004 9:12:20
Last accessed : 02-10-2004 14:59:16
Last modified : 11-08-2004 9:12:25

#:20 [iexplore.exe]
FilePath : c:\progra~1\intern~1\
ThreadCreationTime : 02-10-2004 14:59:28
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft
Created on : 25-06-2004 10:50:36
Last accessed : 02-10-2004 14:59:38
Last modified : 25-04-2003 12:00:00

#:21 [iptz32.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 02-10-2004 14:59:28
BasePriority : Normal
FileSize : 26 KB
Created on : 30-09-2004 18:41:49
Last accessed : 02-10-2004 14:59:23
Last modified : 30-09-2004 18:41:49

#:22 [syncroad.exe]
FilePath : C:\Program Files\Windows SyncroAd\
ThreadCreationTime : 02-10-2004 14:59:28
BasePriority : Normal
FileSize : 24 KB
Created on : 01-10-2004 15:28:29
Last accessed : 02-10-2004 14:59:16
Last modified : 01-10-2004 15:28:33

#:23 [bplhazr.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 14:59:29
BasePriority : Normal
FileSize : 37 KB
Created on : 01-10-2004 15:29:03
Last accessed : 02-10-2004 14:59:16
Last modified : 20-07-2004 15:33:58

#:24 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 14:59:29
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 25-04-2003 12:00:00
Last accessed : 02-10-2004 14:59:16
Last modified : 25-04-2003 12:00:00

#:25 [sohe.exe]
FilePath : C:\Documents and Settings\win xp\Application Data\
ThreadCreationTime : 02-10-2004 14:59:29
BasePriority : Normal
FileSize : 79 KB
Created on : 01-10-2004 15:28:06
Last accessed : 02-10-2004 14:59:29
Last modified : 01-10-2004 15:28:06

#:26 [iexplore.exe]
FilePath : C:\Programas\Internet Explorer\
ThreadCreationTime : 02-10-2004 14:59:29
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft
Created on : 25-06-2004 10:50:36
Last accessed : 02-10-2004 14:59:38
Last modified : 25-04-2003 12:00:00

#:27 [winsync.exe]
FilePath : C:\Program Files\Windows SyncroAd\
ThreadCreationTime : 02-10-2004 14:59:29
BasePriority : Normal
FileSize : 17 KB
Created on : 01-10-2004 15:28:12
Last accessed : 02-10-2004 14:59:16
Last modified : 01-10-2004 15:28:14

#:28 [iexplore.exe]
FilePath : C:\Programas\Internet Explorer\
ThreadCreationTime : 02-10-2004 14:59:36
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Sistema operativo Microsoft
Created on : 25-06-2004 10:50:36
Last accessed : 02-10-2004 14:59:38
Last modified : 25-04-2003 12:00:00

#:29 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 02-10-2004 15:00:23
BasePriority : Normal
FileSize : 112 KB
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
CompanyName : Microsoft Corporation
FileDescription : Actualiza
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Sistema operativo Microsoft
Created on : 25-06-2004 10:49:11
Last accessed : 02-10-2004 14:59:16
Last modified : 03-08-2004 12:58:34

#:30 [ad-aware.exe]
FilePath : C:\Programas\Lavasoft\Ad-aware 6\
ThreadCreationTime : 02-10-2004 15:03:59
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 02-10-2004 15:03:43
Last accessed : 02-10-2004 15:04:22
Last modified : 12-07-2003 21:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

StopPop Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}


VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}


VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj


VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : multimppdll.multimppdllobj.1


VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 5
Objects found so far: 5


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URLabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "about:blank"


TopSearch Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({B7156514-A76C-4545-9D5B-A4E1D02C7AEC})
Rootkey : HKEY_CLASSES_ROOT
Object : TopSearch.TSLink


TopSearch Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment : ({B7156514-A76C-4545-9D5B-A4E1D02C7AEC})
Rootkey : HKEY_CLASSES_ROOT
Object : TopSearch.TSLink.1

Trusted zone presumably compromised : blazefind.com

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com

Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com

Trusted zone presumably compromised : searchbarcash.com

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com

Trusted zone presumably compromised : slotch.com

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : slotch.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com

Trusted zone presumably compromised : searchbarcash.com
Trusted zone presumably compromised : blazefind.com

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : blazefind.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com

Trusted zone presumably compromised : flingstone.com

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : flingstone.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com

Trusted zone presumably compromised : searchbarcash.com

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchbarcash.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com

Trusted zone presumably compromised : slotch.com

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : slotch.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com

Trusted zone presumably compromised : xxxtoolbar.com

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : xxxtoolbar.com
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com

Trusted zone presumably compromised : searchbarcash.com

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 12
Objects found so far: 17


Deep scanning and examining files (A:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for A:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 17


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : win xp@ayb.lop[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Cookies\

Created on : 01-10-2004 20:15:03
Last accessed : 02-10-2004 14:59:31
Last modified : 01-10-2004 20:15:03



Tracking Cookie Object recognized!
Type : File
Data : win xp@doubleclick[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Cookies\

Created on : 01-10-2004 20:43:21
Last accessed : 02-10-2004 15:13:43
Last modified : 01-10-2004 20:43:40



Tracking Cookie Object recognized!
Type : File
Data : win xp@gator[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Cookies\

Created on : 01-10-2004 21:42:30
Last accessed : 02-10-2004 15:13:43
Last modified : 02-10-2004 8:20:28



Tracking Cookie Object recognized!
Type : File
Data : win xp@lop[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Cookies\

Created on : 02-10-2004 8:20:26
Last accessed : 02-10-2004 14:59:31
Last modified : 02-10-2004 8:20:26



Tracking Cookie Object recognized!
Type : File
Data : win xp@revenue[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Cookies\

Created on : 01-10-2004 21:42:29
Last accessed : 02-10-2004 15:13:43
Last modified : 02-10-2004 9:03:58



Tracking Cookie Object recognized!
Type : File
Data : win xp@trafficmp[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Cookies\

Created on : 02-10-2004 9:03:58
Last accessed : 02-10-2004 15:13:43
Last modified : 02-10-2004 9:03:58



Tracking Cookie Object recognized!
Type : File
Data : win xp@tribalfusion[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Cookies\

Created on : 01-10-2004 22:03:41
Last accessed : 02-10-2004 15:13:43
Last modified : 01-10-2004 22:03:41



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\THI1593.tmp\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 01-10-2004 15:34:39
Last accessed : 02-10-2004 15:13:44
Last modified : 16-08-2004 18:24:14



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\THI168C.tmp\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 01-10-2004 19:03:05
Last accessed : 02-10-2004 15:13:45
Last modified : 16-08-2004 18:24:14



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\THI1EEA.tmp\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 02-10-2004 11:16:15
Last accessed : 02-10-2004 15:13:45
Last modified : 16-08-2004 18:24:14



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\THI2D13.tmp\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 01-10-2004 20:14:32
Last accessed : 02-10-2004 15:13:45
Last modified : 16-08-2004 18:24:14



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\THI2EAB.tmp\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 02-10-2004 14:59:37
Last accessed : 02-10-2004 14:59:37
Last modified : 16-08-2004 18:24:14



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\THI4007.tmp\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 01-10-2004 16:33:53
Last accessed : 02-10-2004 15:13:45
Last modified : 16-08-2004 18:24:14



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\THI5586.tmp\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 01-10-2004 19:28:04
Last accessed : 02-10-2004 15:13:45
Last modified : 16-08-2004 18:24:14



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\THI6646.tmp\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 01-10-2004 16:49:49
Last accessed : 02-10-2004 15:13:45
Last modified : 16-08-2004 18:24:14



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\THI6878.tmp\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 02-10-2004 8:19:34
Last accessed : 02-10-2004 15:13:46
Last modified : 16-08-2004 18:24:14



BargainBuddy Object recognized!
Type : File
Data : shortcuts.txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temp\
FileSize : 6 KB
Created on : 01-10-2004 15:30:10
Last accessed : 02-10-2004 15:13:49
Last modified : 01-10-2004 15:30:11



VX2 Object recognized!
Type : File
Data : thnall1l[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\win xp\Definições locais\Temporary Internet Files\Content.IE5\ORT3IAZL\
FileSize : 68 KB
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
Copyright : BetterInternet, Inc.
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
OriginalFilename : InstUtil.exe
ProductName : Install Utility
Created on : 01-10-2004 16:49:38
Last accessed : 02-10-2004 14:59:32
Last modified : 01-10-2004 16:49:42



DyFuCA Object recognized!
Type : File
Data : actalert.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Optimizer\update\
FileSize : 35 KB
Created on : 01-10-2004 15:28:35
Last accessed : 02-10-2004 15:14:12
Last modified : 01-10-2004 15:28:40



DyFuCA Object recognized!
Type : File
Data : actalert.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Optimizer\
FileSize : 35 KB
Created on : 01-10-2004 15:28:40
Last accessed : 02-10-2004 15:14:12
Last modified : 01-10-2004 15:28:40



WinAD Object recognized!
Type : File
Data : ide21201.vxd
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileSize : 4 KB
Created on : 01-10-2004 15:28:33
Last accessed : 02-10-2004 15:16:41
Last modified : 01-10-2004 15:28:33



VX2 Object recognized!
Type : File
Data : multimpp.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileSize : 140 KB
FileVersion : 0, 5, 4, 35
ProductVersion : 0, 5, 4, 35
Copyright : Copyright
CompanyName : Multimpp
FileDescription : www.multimpp.com
InternalName : multimpp
OriginalFilename : multimpp.dll
ProductName : multimpp
Created on : 02-10-2004 14:59:37
Last accessed : 02-10-2004 15:00:30
Last modified : 16-08-2004 18:24:14



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 39


Deep scanning and examining files (D:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 39


Deep scanning and examining files (E:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Disk scan result for E:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 39


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Multimpp


VX2 Object recognized!
Type : File
Data : dummy.htm
Category : Data Miner
Comment :
Object : c:\docume~1\winxp~1\defini~1\temp\

Created on : 01-10-2004 15:28:44
Last accessed : 02-10-2004 15:17:14
Last modified : 01-10-2004 15:28:44



DyFuCA Object recognized!
Type : Folder
Category : Malware
Comment :
Object : c:\program files\Internet Optimizer


DyFuCA Object recognized!
Type : File
Data : optimize.exe
Category : Malware
Comment :
Object : c:\program files\internet optimizer\
FileSize : 44 KB
Created on : 01-10-2004 15:28:31
Last accessed : 02-10-2004 15:14:12
Last modified : 01-10-2004 15:28:31



DyFuCA Object recognized!
Type : File
Data : update
Category : Malware
Comment :
Object : c:\program files\internet optimizer\

Created on : 01-10-2004 15:28:32
Last accessed : 02-10-2004 15:14:12
Last modified : 01-10-2004 15:28:35



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 5
Objects found so far: 44


16:19:54 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:07:30:453
Objects scanned :112367
Objects identified :44
Objects ignored :0
New objects :44
  • 0
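A triage pass over the Ad-aware 6 log format posted above, as an added example that is not part of the thread or of Ad-aware itself. `SAMPLE_LOG` is an excerpt trimmed from that log; the function names and the two process heuristics (an image path ending in ":", and a readable file with no version resource) are assumptions of this example, meant to point a reviewer at entries worth a closer look.

```python
import re
from collections import Counter, defaultdict

# Excerpt trimmed from the log in the post above (same field layout, fewer entries).
SAMPLE_LOG = r"""
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
BasePriority : Normal

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
CompanyName : Microsoft Corporation

#:14 [lhfpo]
FilePath : C:\WINDOWS\FaxSetup.log:
BasePriority : Normal

#:21 [iptz32.exe]
FilePath : C:\WINDOWS\system32\
FileSize : 26 KB
Created on : 30-09-2004 18:41:49

#:25 [sohe.exe]
FilePath : C:\Documents and Settings\win xp\Application Data\
FileSize : 79 KB

VX2 Object recognized!
Type : RegKey
Data :
Category : Data Miner
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj

Possible Browser Hijack attempt Object recognized!
Category : Vulnerability
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com

Possible Browser Hijack attempt Object recognized!
Category : Vulnerability
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com

Possible Browser Hijack attempt Object recognized!
Category : Vulnerability
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com

DyFuCA Object recognized!
Type : File
Data : actalert.exe
Category : Malware
Object : C:\Program Files\Internet Optimizer\
FileSize : 35 KB
"""

PROC_RE = re.compile(r"^#:(\d+) \[(.+)\]$")             # "#:14 [lhfpo]"
DET_RE = re.compile(r"^(.+?) Object recognized!$")      # "VX2 Object recognized!"
KV_RE = re.compile(r"^([A-Za-z][\w ]*?)\s*:\s*(.*)$")   # "FileSize : 26 KB"
ZONE_KEY = "\\ZoneMap\\Domains\\"


def parse_log(text):
    """Return (processes, detections); each record is a dict of its fields."""
    processes, detections, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := PROC_RE.match(line)):
            current = {"name": m.group(2)}
            processes.append(current)
        elif (m := DET_RE.match(line)):
            current = {"family": m.group(1)}
            detections.append(current)
        elif current is not None and (m := KV_RE.match(line)):
            # Keep the first value: RegData records repeat the "Data" field.
            current.setdefault(m.group(1), m.group(2))
    return processes, detections


def suspicious_processes(processes):
    """Heuristics of this example only; a hit means 'look closer', not 'malicious'."""
    flagged = []
    for p in processes:
        if p.get("FilePath", "").endswith(":"):
            flagged.append((p["name"], "image path ends in ':' (alternate data stream?)"))
        elif "FileSize" in p and not p.get("FileVersion") and not p.get("CompanyName"):
            flagged.append((p["name"], "readable file with no version resource"))
    return flagged


def trusted_zone_domains(detections):
    """Map each flagged ZoneMap domain to the registry hives it was found under."""
    zones = defaultdict(set)
    for d in detections:
        obj = d.get("Object", "")
        if ZONE_KEY in obj:
            zones[obj.split(ZONE_KEY, 1)[1].lower()].add(d.get("Rootkey", "?"))
    return dict(zones)


def family_counts(detections):
    return Counter(d["family"] for d in detections)


if __name__ == "__main__":
    procs, dets = parse_log(SAMPLE_LOG)
    for name, reason in suspicious_processes(procs):
        print(f"process {name}: {reason}")
    for domain, hives in sorted(trusted_zone_domains(dets).items()):
        print(f"zone entry {domain}: {', '.join(sorted(hives))}")
    print(family_counts(dets).most_common())
```

System processes such as csrss.exe, which the log lists without a file size because the scanner could not read the image, are deliberately not flagged by the second heuristic.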





