Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

http://a-search.biz/?wmid=1010 redirect


  • This topic is locked This topic is locked
18 replies to this topic

#1 bairradino

bairradino

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 27 September 2004 - 04:02 PM

My startup internet page is redirected to "http://a-search.biz/?wmid=1010"

See my HijackThis log.
What must I do?

_________________________________________________

Logfile of HijackThis v1.98.2
Scan saved at 21:52:16, on 27-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Analog Devices\SoundMAX\Smtray.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\evyldq.exe
C:\Programas\QuickTime\qttask.exe
C:\Documents and Settings\Manuel Borras\Application Data\ppq?l.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\System32\WISPTIS.EXE
F:\Downloads\Diversos\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [asruwos] C:\WINDOWS\System32\evyldq.exe
O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\RunOnce: [0007 - C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0"
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKCU\..\Run: [MCW Startup] "C:\Programas\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [Srec] C:\Documents and Settings\Manuel Borras\Application Data\ppq?l.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Programas\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...4145ae90fecae62
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E6C49A-65C6-47DF-B48D-51C2F882FA5B}: NameServer = 194.65.100.117

_________________________________________________________

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 PM

Posted 27 September 2004 - 06:18 PM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
O4 - HKLM\..\Run: [asruwos] C:\WINDOWS\System32\evyldq.exe
O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKCU\..\Run: [Srec] C:\Documents and Settings\Manuel Borras\Application Data\ppq?l.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...4145ae90fecae62


Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\System32\wins32t.dll
C:\WINDOWS\System32\evyldq.exe
C:\WINDOWS\System32\tss.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINDOWS\System32\tss.exe
C:\Documents and Settings\Manuel Borras\Application Data\ppq?l.exe


Reboot your computer to go back to normal mode and post a new log.

#3 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 28 September 2004 - 01:30 PM

Thanks Grinler for help.
I did what you told me to do.
Here's the new log.
_____________________________________
Logfile of HijackThis v1.98.2
Scan saved at 19:25:29, on 28-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Analog Devices\SoundMAX\Smtray.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE
F:\Downloads\Diversos\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [0007 - C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0"
O4 - HKCU\..\Run: [MCW Startup] "C:\Programas\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Programas\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E6C49A-65C6-47DF-B48D-51C2F882FA5B}: NameServer = 194.65.100.117
____________________________________________________________

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 PM

Posted 28 September 2004 - 01:51 PM

Log looks clean...great job!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

#5 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 28 September 2004 - 06:56 PM

Grinler,

Thanks for your help, once more, and for your kind words.
However I still have the infection.
Here's my recent log...
_____________________________________________
Logfile of HijackThis v1.98.2
Scan saved at 0:54:02, on 29-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Analog Devices\SoundMAX\Smtray.exe
C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\Internet Explorer\iexplore.exe
F:\Downloads\Diversos\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [0007 - C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Manuel Borras\Menu Iniciar\Programas\hp deskjet 990c series v3.0"
O4 - HKCU\..\Run: [MCW Startup] "C:\Programas\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Programas\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E6C49A-65C6-47DF-B48D-51C2F882FA5B}: NameServer = 194.65.100.117
________________________________________________________

I had already Spybot Search&Destroy and an anti-virus but something happened with my sons' surfing I supose.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 PM

Posted 28 September 2004 - 10:36 PM

Can you please zip and email the following files to submitmalware@gmail.com and grinler@yahoo.com:

C:\WINDOWS\PMJ151LA.BIN

When you email me, please include a link to this topic.

Thanks

The first thing I need you to do is download the file from here:

Getservices.zip - Get list of XP/2000/NT Services

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post along with a brand new hijackthis log.

#7 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 29 September 2004 - 03:12 PM

Here it goes!
Content of "getservice.txt":
____________________________________________________

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Adobe LM Service
Adobe LM Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Adobe LM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ALG
Fornece suporte para plug-ins de protocolos de outros fabricantes para a 'Partilha de ligação à Internet' e o 'Firewall de ligação à Internet'
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de gateway de camada de aplicação
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Fornece serviços de instalação de software como, por exemplo, atribuir, publicar e remover.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestão de aplicações
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: AudioSrv
Gere dispositivos de áudio para programas baseados no Windows. Se este serviço for parado, os efeitos e dispositivos de áudio não irão funcionar correctamente. Se este serviço for desactivado, o início dos serviços de que dependem explicitamente irá falhar.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Áudio do Windows
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Autodesk Licensing Service
Anchor service for Autodesk products licensed with SafeCast
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Autodesk Licensing Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Utiliza a largura de banda inactiva da rede para transferir dados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de transferência inteligente em fundo
DEPENDENCIES : LanmanWorkstation
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccEvtMgr
Symantec Event Manager
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Event Manager
DEPENDENCIES : RPCSS
: ccSetMgr
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccPwdSvc
Symantec Password Validation Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec Password Validation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccSetMgr
Symantec Settings Manager
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Settings Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Ccsoasf
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME :
LOAD_ORDER_GROUP : Parallel arbitrator
TAG : 1
DISPLAY_NAME : Ccsoasf
DEPENDENCIES :
SERVICE_START_NAME:

SERVICE_NAME: cisvc
Conteúdo de índices e propriedades de ficheiros em computadores locais e remotos; possibilita o rápido acesso a ficheiros através de uma linguagem de consulta flexível.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de indexação
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Permite que o 'Visualizador da área de armazenamento' armazene informações e as pçartilhe com computadores remotos. Se o serviço for parado, o 'Visualizador da área de armazenamento' não poderá partilhar informações com computadores remotos. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Gere a configuração e o controlo de componentes baseados no Component Object Model (COM)+. Se este serviço for parado, a maior parte dos componentes baseados no COM+ não funcionará correctamente. Se este serviço for desactivado, quaisquer serviços que dependam explicitamente dele não conseguirão ser inicializados.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Aplicação de sistema COM+
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Fornece três serviços de gestão: 'Serviço de catalogação de bases de dados', que confirma as assinaturas de ficheiros do Windows; 'Serviço de protecção de raiz', que adiciona e remove certificados de 'Autoridade de certificação de raiz fiável' deste computador e o 'Serviço de chaves' que ajuda a inscrever este computador para certificados. Se este serviço for parado, estes serviços de gestão não irão funcionar correctamente. Se este serviço estiver desactivado, quaisquer serviços que dependam dele explicitamente não irão iniciar correctamente.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviços criptográficos
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DefWatch
Monitors and maintains virus definitions.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Programas\Symantec AntiVirus\DefWatch.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec AntiVirus Definition Watcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Gere a configuração da rede registando e actualizando endereços IP e nomes DNS.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Cliente DHCP
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configura unidades e volumes de disco rígido. O serviço só é executado para processos de configuração e depois pára.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço administrativo de gestão de discos lógicos
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detecta e supervisiona as novas unidades de discos e envia informações sobre o volume de discos para o serviço administrativo de gestão de discos lógicos para configuração. Se este serviço for parado, as informações de estado de discos dinâmicos e de configuração podem ficar desactualizadas. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestor de discos lógicos
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolve e coloca na cache os nomes DNS (Domain Name System) para este computador. Se este serviço estiver parado, este computador não será capaz de resolver os nomes de DNS e localizar os controladores de domínio Active Directory. Se este serviço estiver desactivado, quaisquer serviços que dependam dele explicitamente não serão iniciados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Cliente DNS
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Permite o relato de erros para serviços e aplicações a serem executados em ambientes não padrão.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de relato de erros
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Activa mensagens do registo de eventos emitidas por programas baseados no Windows e componentes a apresentar no 'Visualizador de eventos'. Este serviço não pode ser parado.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Registo de eventos
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Suporta o serviço de notificação de eventos do sistema (SENS), que fornece a distribuição automática de eventos para subscrever componentes Component Object Model (COM). Se o serviço for parado, o SENS será encerrado e não poderá fornecer notificações de início e de fim de sessão. Se este serviço for desactivado, quaisquer serviços que dependam explicitamente do mesmo não conseguirão ser inicializados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : Sistema de eventos do COM+
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Fornece a gestão para as aplicações que requerem assistência num ambiente de vários utilizadores.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Compatibilidade de 'Mudança rápida de utilizador'
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Activa o Centro de ajuda e suporte para ser executado neste computador. Se este serviço for parado, o Centro de ajuda e suporte não estará disponível. Se este serviço estiver desactivado, todos os serviços que dependem explicitamente dele não vão iniciar.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Ajuda e suporte
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Fornece acesso por entrada genérica a dispositivos de interface humana (HID), que activa e mantém a utilização de botões de acesso directo em teclados, controlos remotos e outros dispositivos de multimédia. Se este serviço for parado, os botões de acesso directo controlados por este serviço deixarão de funcionar. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Acesso a dispositivos de interface humana
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Gere a gravação de CD utilizando a IMAPI (Image Mastering Applications Programming Interface). Se este serviço for parado, este computador não conseguirá gravar CDs. Se este serviço estiver desactivado, quaisquer serviços que dependam explicitamente do mesmo não conseguirão ser iniciados.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço COM de gravação de CD de IMAPI
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Irmon
Suporta dispositivos de infravermelhos instalados no computador e detecta outros dispositivos que estejam no raio de acção.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Monitor de infravermelhos
DEPENDENCIES : irda
: RpcSs
: TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Activa o suporte para o serviço NetBIOS em TCP/IP (NetBT) e para a resolução de nomes NetBIOS.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Programa auxiliar TCP/IP NetBIOS
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: MDM
Manages local and remote debugging for Visual Studio debuggers
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Machine Debug Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Permite às pessoas autorizadas aceder remotamente ao seu ambiente de trabalho do Windows utilizando o NetMeeting.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Partilha remota do ambiente de trabalho do NetMeeting
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Morfdulu
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME :
LOAD_ORDER_GROUP : System Bus Extender
TAG : 1
DISPLAY_NAME : Morfdulu
DEPENDENCIES :
SERVICE_START_NAME:

SERVICE_NAME: MSDTC
Coordena transacções que expandem vários gestores de recursos, tais como bases de dados, filas de mensagens e sistemas de ficheiros. Se este serviço for parado, estas transacções não ocorrerão. Se este serviço estiver desactivado, quaisquer serviços que dependam explicitamente do mesmo vão falhar.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : DTC (Coordenador de transacções distribuídas)
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Instala, repara e remove software de acordo com as instruções contidas nos ficheiros .MSI.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Fornece transporte e segurança de rede para intercâmbio dinâmico de dados (DDE) para programas em execução no mesmo computador ou em computadores diferentes. Se este serviço for parado, o transporte e segurança de DDE não estarão disponíveis. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Rede DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Gere partilhas de rede de intercâmbio dinâmico de dados (DDE). Se este serviço for parado, as partilhas de rede DDE não estarão disponíveis. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Rede DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Rede DDE DSDM
: m
: Rede DDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Gere objectos na pasta 'Ligações de acesso telefónico e de rede', na qual pode ver os locais das ligações da área da rede local e remota.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Ligações de rede
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Recolhe e armazena informações de configuração e localizações da rede e notifica as aplicações quando estas informações são alteradas.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Identificação da localização na rede (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Armazenamento amovível
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ose
Salva arquivos de instalação usados em atualizações e reparos e é necessário para baixar atualizações da instalação e relatórios de erro do Watson.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Permite que um computador identifique e se adapte a alterações de hardware com pouca ou nenhuma interactividade do utilizador. A paragem ou desactivação deste serviço resultará na instabilidade do sistema.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PMJ151LA
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\PMJ151LA.BIN
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : PMJ151 AutoLaunch Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: pnpsvc
Provides plug and play svc devices support
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Plug and Play svc service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Gere a política de segurança IP e inicia o ISAKMP/Oakley (IKE) e o controlador de segurança IP.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviços IPSEC
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Fornece armazenamento para dados importantes como, por exemplo, chaves privadas, de forma a impedir o acesso de serviços, processos ou utilizadores não autorizados.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Armazenamento protegido
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Cria uma ligação a uma rede remota sempre que um programa referencia um DNS remoto, ou um nome ou endereço NetBIOS.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestor de ligação automática de acesso remoto
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Cria uma ligação de rede.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestor de ligação de acesso remoto
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Gere e controla a 'Assistência remota'. Se este serviço for parado, a 'Assistência remota' não irá estar disponível. Antes de parar este serviço, consulte o separador 'Dependências' da caixa de diálogo 'Propriedades'.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Gestor de sessões de ajuda do 'Ambiente de trabalho remoto'
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Disponibiliza serviços de encaminhamento a empresas em ambientes de rede local e alargada.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Encaminhamento e acesso remoto
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Permite que os utilizadores remotos modifiquem definições de registo neste computador. Se este serviço for parado, o registo só poderá ser modificado pelos utilizadores deste computador. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Registo remoto
DEPENDENCIES : RPCSS
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcSs
Fornece um mapeador de pontos finais e outros serviços RPC.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Chamada de procedimento remoto (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Fornece a sinalização de rede e a função de configuração de controlo do trânsito local para programas que utilizem QoS e aplicações de controlo.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Armazena as informações de segurança para as contas de utilizador locais.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Gestor de contas de segurança
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SavRoam
Symantec AntiVirus Roaming Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Programas\Symantec AntiVirus\SavRoam.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SAVRoam
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
Activa o suporte para leitores de smart cards não plug-and-play utilizados por este computador. Se parar este serviço, este computador não irá suportar leitores que não sejam plug-and-play. Se este serviço estiver desactivado, não será possível iniciar quaisquer serviços que dele dependam explicitamente.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Ajuda do smart card
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: SCardSvr
Gere o acesso a smart cards lidas pelo computador. Se parar este serviço, não será possível a este computador ler smart cards. Se este serviço for desactivado, não será possível iniciar quaisquer serviços que dele dependam explicitamente.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Permite a utilizador configurar e agendar tarefas automatizadas neste computador. Se este serviço estiver parado, estas tarefas não serão executadas nas horas agendadas. Se este serviço estiver desactivado, qualquer serviço que dependa explicitamente dele não será inciado.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Programador de tarefas
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Activa processos de início sob credenciais alternativas. Se parar este serviço, este tipo de acesso de início de sessão estará indisponível. Se este serviço for desactivado, quaisquer serviços que dele dependem explicitamente falharão ao iniciar.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Início de sessão secundário
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Regista os eventos do sistema como, por exemplo, início de sessão do Windows, rede e eventos de alimentação. Notifica os subscritores do sistema de eventos COM+ desses eventos.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : Notificação de evento de sistema
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Fornece conversão de endereços de rede, endereçamento, resolução de nomes e/ou serviços de prevenção de intrusões para uma rede de pequeno escritório ou doméstica.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Firewall de ligação à Internet(ICF) / Partilha de ligação à Internet (ICS)
DEPENDENCIES : Netman
: NLA
: RasMan
: ALG
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Detecção de hadrware da shell
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec Network Drivers Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SoundMAX Agent Service (default)
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SoundMAX Agent Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Carrega ficheiros para a memória para imprimir mais tarde.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Spooler de impressão
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Executa funções de restauro do sistema. Para parar o serviço, desactive a opção 'Restauro do sistema' a partir do separador 'Restauro do sistema' em 'O meu computador'->'Propriedades'
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de 'Restauro do sistema'
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Permite a identificação de dispositivos UPnP na rede doméstica.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço de identificação SSDP
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Fornece serviços de aquisição de imagem para scanners e câmaras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Gere cópias sombra baseadas em software criadas pelo serviço de cópia sombra de volumes. Se este serviço for parado, não é possível gerir as cópias sombra baseados em software. Se este serviço for desactivado, quaisquer serviços que dependam explicitamente dele não conseguirão arrancar.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{FFDD02B4-68DC-40C3-B10F-136CD213D189}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Symantec AntiVirus
Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Programas\Symantec AntiVirus\Rtvscan.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec AntiVirus
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Recolhe dados de desempenho de computadores locais ou remotos baseados em parâmetros de agendamento pré-configurados e, em seguida, grava os dados num registo ou activa um alerta. Se este serviço for parado, as informações de desempenho não serão recolhidas. Se este serviço for desactivado, os serviços que dependem explicitamente dele não serão iniciados.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alertas e registos de desempenho
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Fornece suporte de Telephony API (TAPI) para programas que controlam dispositivos telefónicos e ligações de voz com base em IP no computador local e através da rede local em servidores com o serviço em execução.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Dispositivos telefónicos
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Permite a múltiplos utilizadores estarem ligados interactivamente a um computador bem como mostrar os ambientes de trabalho e aplicações a computadores remotos. É o que está por detrás do 'Ambiente de trabalho remoto' (incluindo RD para administradores), 'Mudança rápida de utilizador', 'Assistência remota' e 'Servidor de terminais'.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviços de terminal
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Fornece a gestão de temas por parte dos utilizadores.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Temas
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TlntSvr
Permite que um utilizador remoto inicie sessão neste computador e execute programas, e suporte diversos clientes de Telnet de TCP/IP, incluindo computadores baseados em UNIX e baseados no Windows. Se parar este serviço for, o acesso de utilizador remoto a programas pode estar indisponível. Se este serviço estiver desactivado, não será possível iniciar quaisquer serviços que dependem dele explicitamente.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RPCSS
: TCPIP
: NTLMSSP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Mantém hiperligações entre ficheiros NTFS num computador ou em vários computadores num domínio de rede.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cliente de Distributed Link Tracking
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: uploadmgr
Gere transferências de ficheiros síncronas e assíncronas entre clientes e servidores na rede. Se este serviço for parado, as transferências de ficheiros síncronas e assíncronas entre clientes e servidores na rede não vão ocorrer. Se este serviço for desactivado, todos os serviços que dependem explicitamente dele não vão conseguir ser iniciados.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Upload Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: upnphost
Fornece suporte para hospedar dispositivos Universal Plug and Play.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Anfitrião de dispositivos Universal Plug and Play
DEPENDENCIES : SSDPSRV
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Gere uma fonte de alimentação ininterrupta (UPS) ligada ao computador.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fonte de alimentação ininterrupta
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Gere e implementa cópias de mirror de volume utilizadas para cópia de segurança, entre outros propósitos. Se este serviço for parado, as cópias de mirror não estarão disponíveis para cópia de segurança e esta poderá falhar. Se este serviço estiver desactivado, não será possível iniciar qualquer serviço que dependa explicitamente dele.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cópia sombra de volume
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Gere a sincronização da data e da hora de todos clientes e servidores na rede. Se este serviço parar, a sincronização de data e hora deixará de estar disponível. Se este serviço estiver desactivado, não será possível iniciar quaisquer serviços que dependam explicitamente dele.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Hora do Windows
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 5 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Permite que os programas baseados no Windows criem, acedam e modifiquem ficheiros baseados na Internet. Se este serviço estiver parado, estas funções não estarão disponíveis. Se este serviço estiver desactivado, qualquer serviço que dependa explicitamente dele não será inciado.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Fornece uma interface comum e modelo de objecto para aceder a informação de gestão de acesso acerca do sistema operativo, dispositivos, aplicações e serviços. Se este serviço for parado, a maioria do software baseado em Windows não irá funcionar correctamente. Se este serviço estiver desactivado, quaisquer serviços que dependam explicitamente dele não conseguirão iniciar.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI (Instrumento de gestão do Windows)
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Obtém o número de série de qualquer leitor de multimédia portátil ligado a este computador. Se este serviço for interrompido, poderá não conseguir transferir conteúdo protegido para o dispositivo.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Serviço do número de série de leitores de multimédia portáteis
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Fornece informações sobre a gestão de sistemas de e para controladores.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Extens. contr. da Windows Management Instrumentation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Fornece informações de biblioteca de desempenho a partir de fornecedores HiPerf de WMI.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Adaptador de desempenho WMI
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Permite a transferência e instalação de actualizações fundamentais para o Windows. Se o serviço estiver desactivado, será possível actualizar manualmente o sistema operativo no Web site Windows Update.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Actualizações automáticas
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Fornece configuração automática aos adaptadores 802.11
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Configuração zero sem fios
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

______________________________________________

The file requested was sent to your e-mail adresses.

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 PM

Posted 29 September 2004 - 03:22 PM

While i look over this, can you please zip and send the file:

C:\WINDOWS\PMJ151LA.BIN

to grinler@yahoo.com

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 PM

Posted 29 September 2004 - 03:24 PM

Ahhh...buggers changed the redirect to another domain...one sec. Ill have you fixed up in no time :thumbsup:

Hi. Please download and install the program Registry Lite from here:

http://www.resplendence.com/reglite

Once it is installed, please double click on the icon that should now be on your desktop. If an icon is not there, then check under programs portion of the Start Menu.

Once it is opened, copy and paste the below line, into the address field of Registrar Lite.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpsvc\Parameters\\ServiceDll

And press enter. You will now be presented with new information in the right and left sections of the program. In the right section you should see the ServiceDll value highlighted. Double-click on it and copy and paste the text found in the value field in your next reply to this post.

#10 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 29 September 2004 - 04:44 PM

The value is:
"c:\windows\system32\aqrrejah.dll"

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 PM

Posted 29 September 2004 - 04:45 PM

Start Hijackthis and when it opens, click on Config then click on Misc Tools. Once at the new screen click on the "Delete a file on reboot" button. You will be presented with a dialog asking you to pick a file. Copy and paste c:\windows\system32\aqrrejah.dll into the file name field and press the open button.

When Hijackthis prompts you to reboot, please do so.

When the computer is back to your desktop confirm that c:\windows\system32\aqrrejah.dll no longer exists.

If it is no longer there then do the following:

Delete the file c:\windows\system32\pnpsvc.inf

Then launch Notepad, and copy and paste the contents of the quote box below into a new text file.

Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\SafeBoot\Minimal\pnpsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\SafeBoot\Network\pnpsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNPSVC]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PNPSVC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNPSVC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\pnpsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\pnpsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet001\Services\EventLog\Application\PNPSVC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PNPSVC]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\pnpsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\pnpsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet002\Services\EventLog\Application\PNPSVC]


Now double-click on the fixme.reg file you just saved and click on the Yes button when it asks if you would like to merge the information.

Next start registrar lite again and enter into the address field each of these addresses. At each location delete the highlighted LEGACY_PNPSVC. If you have trouble deleting one of these, right click on it, and click on the properties. Then click on the permissions button and make sure everyone or users has full control set. Then try to delete it again.

Do not delete any other entries at all.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PNPSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PNPSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PNPSVC

Reboot your computer, post a new hijackthis log and let us know how everything is working.

#12 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 29 September 2004 - 05:22 PM

Great!
You are almost there.
The only thing missing is that I get an "access denied" message when trying to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PNPSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PNPSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PNPSVC

However the redirect action no longer exists.
Any suggestions on how to delete them?

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 PM

Posted 29 September 2004 - 08:57 PM

Next start registrar lite again and enter into the address field each of these addresses. At each location delete the highlighted LEGACY_PNPSVC. If you have trouble deleting one of these, right click on it, and click on the properties. Then click on the permissions button and make sure everyone or users has full control set. Then try to delete it again.


Read above closely. It tells you how to change the permissions on the key so you can delete them

#14 bairradino

bairradino
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 30 September 2004 - 01:25 PM

I tried yesterday night several times and I didn't get it. That's Why I post you.
Now, after reading your last post I tried again without succes.
When I give Full Control to Everyone it appears another group SYSTEM and I get an Access Denied.
Can you help me?

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:03 PM

Posted 30 September 2004 - 01:58 PM

What do you mean

it appears another group SYSTEM






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users