The only records I have from the pings are from yesterday (when I started logging them).

This may be a stretch (a large stretch), but someone could have planted something on your Windows box that is using pings as a covert channel (given that person has also taken control of the webserver that hosts transamericana.org and can watch the connection logs). Do you have a capture of the pings for someone to do a frequency analysis on?
Also, you may want to post a list of your currently running processes in hopes someone may spot something that looks wrong.
-Michael
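Added here as a worked example, not code from the thread or from HijackThis: a small triage script over O4/O23 lines like the ones in the attached log, flagging what a reviewer looks at first (images started by bare name through the PATH search order, images outside the Windows/Program Files tree, services with no publisher, and dangling service registrations). It assumes C:\Programas is the Program Files root, as the posted paths suggest, and the sample lines are a retyped subset of the log.

```python
import re
from dataclasses import dataclass

# Constructed test input: a subset of the O4/O23 lines from the HijackThis log
# posted in the thread, retyped here (not the whole attachment).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Apcupsd] "c:\apcupsd\bin\apcupsd.exe" /servicehelper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [WATCHPNP_Xerox] watchPnp.exe Xerox
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programas\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Pageant.lnk = C:\Programas\PuTTY\pageant.exe
O23 - Service: Apcupsd UPS Server - Unknown - c:\apcupsd\bin\apcupsd.exe
O23 - Service: Iomega Activity Disk2 - Unknown - (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Programas\RealVNC\VNC4\WinVNC4.exe
"""

# Assumption: on this Portuguese XP install "Program Files" is C:\Programas
# (short name C:\PROGRA~1); anything launched from elsewhere gets a closer look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programas\\", "c:\\progra~1\\",
                 "%systemroot%\\", "%programfiles%\\")

O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(
    r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<cmd>.+)$")

@dataclass
class Finding:
    name: str       # entry name as HijackThis shows it
    where: str      # Run key, Startup folder or service
    image: str      # program image the entry launches
    reasons: list   # why a reviewer should look at it

def image_path(cmd: str) -> str:
    """Pull the program image out of a Run/Startup/Service command line."""
    cmd = cmd.strip()
    if cmd.startswith("("):            # HijackThis marker such as "(file missing)"
        return cmd
    if cmd.startswith('"'):            # quoted image path, may contain spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: take everything up to the first executable extension so that
    # "C:\Programas\One Guy Coding\x.exe /arg" keeps its spaces.
    m = re.match(r"(.*?\.(?:exe|dll|com|scr|bat|cmd))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def is_rooted(path: str) -> bool:
    """True for drive-letter, UNC or %VAR%-rooted paths (no PATH lookup needed)."""
    return re.match(r"^(?:[a-z]:\\|\\\\|%[a-z]+%\\)", path, re.I) is not None

def assess(cmd: str, company: str = None) -> list:
    """Reasons a reviewer would want a closer look at this autostart entry."""
    if cmd.strip() == "(file missing)":
        return ["service image file is missing (dangling registration)"]
    image = image_path(cmd)
    low = image.lower()
    reasons = []
    if not is_rooted(image):
        reasons.append("bare image name, resolved through the PATH search order at logon")
    elif not low.startswith(TRUSTED_ROOTS):
        reasons.append("image lives outside the Windows/Program Files tree")
    if low.endswith(("rundll32.exe", "regsvr32.exe")):
        reasons.append("host process only; the DLL named in the arguments is what runs")
    if company is not None and company.strip().lower() == "unknown":
        reasons.append("no publisher in the image's version info")
    return reasons

def triage(log_text: str) -> list:
    """One Finding per O4/O23 line that carries at least one reason."""
    findings = []
    for line in log_text.splitlines():
        line, company = line.strip(), None
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            where = "O4 " + m.group("key")
        else:
            m = O23_RE.match(line)
            if m is None:
                continue               # not an autostart line this script parses
            company, where = m.group("company"), "O23 service"
        reasons = assess(m.group("cmd"), company)
        if reasons:
            findings.append(Finding(m.group("name"), where,
                                    image_path(m.group("cmd")), reasons))
    return findings

def flagged(log_text: str) -> dict:
    """Map entry name -> reasons, for a quick review of what was flagged."""
    return {f.name: f.reasons for f in triage(log_text)}
```

A flag is a prompt to check the file on disk (signature, version info, creation time), not a verdict; on the sample, the apcupsd entries are legitimate UPS software installed outside Program Files.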
On Sat, 29 Jan 2005 12:03:39 +0000, Antonio Henrique Oliveira <[EMAIL PROTECTED]> wrote:
Gregh wrote:
----- Original Message -----
From: "Antonio Henrique Oliveira" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Saturday, January 29, 2005 9:46 PM
Subject: [Full-Disclosure] Transamericana.org
Dear all,
Please excuse me if this is a bit off-topic, but since this is the only IT-related mailing list I subscribe to (apart from Secunia's), I decided to post here.
For some time now (I cannot determine exactly when this started to happen), my workstation (WinXP SP2 PT, fully patched) has been sending out ping requests to www.transamericana.org when I log in to the machine (right at the beginning of the login process, and only at that time).
Perchance is your DNS hosted there? E.g. your ISP's DNS servers?
Greg.
No. The Linux box runs BIND for the internal (and external) networks and does direct queries to the root servers, not using our ISP's DNS. The internal network is configured with DHCP and the DNS server for all hosts is set to the Linux box's internal address. Also, my workstation (and there are 5 more) is the only one doing this.
Regards, -- Anto'nio Henrique A. Proenca de Oliveira
"Although we can never go back, like an old sweet song with a strong refrain, memories remain" - (Someone)
Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html $Id: .signature,v 1.3 2004/07/14 08:08:10 tat Exp tat $
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
It sends three pings (not replied to) to www.transamericana.org during the login process and then stops until I log in again (either by reboot or logoff/login).
Attached are two files with results from "HiJackThis", as per Gregh's suggestion. They show the running processes and the list of programs executed during login.
Regards, -- Anto'nio Henrique A. Proenca de Oliveira R. 3 - Lote 22 - Loteam. Pinhel 4805-078 Caldas das Taipas - Portugal T +351 253 576 888 / Work +351 255 862 416 M +351 96 323 1169 / [EMAIL PROTECTED]
Logfile of HijackThis v1.99.0
Scan saved at 12:34:50, on 29-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\apcupsd\bin\apcupsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programas\Iomega\AutoDisk\ADUserMon.exe
C:\Programas\Iomega\DriveIcons\ImgIcon.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Mozilla Thunderbird\thunderbird.exe
C:\Programas\PuTTY\pageant.exe
C:\Programas\One Guy Coding\Automachron\achron.exe
C:\Programas\OpenOffice.org1.1.4\program\soffice.exe
C:\Programas\Microsoft Office\Office\2070\msoffice.exe
C:\Programas\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\ah.HOMES\Definições locais\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postmark.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.citydesk.pt
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programas\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Programas\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Apcupsd] "c:\apcupsd\bin\apcupsd.exe" /servicehelper
O4 - HKLM\..\Run: [Deskup] C:\Programas\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programas\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programas\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [WATCHPNP_Xerox] watchPnp.exe Xerox
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programas\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Automachron.lnk = C:\Programas\One Guy Coding\Automachron\achron.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programas\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Mozilla Thunderbird (Safe Mode).lnk = C:\Programas\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Pageant.lnk = C:\Programas\PuTTY\pageant.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.citydesk.pt
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093519773919
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = homes.local
O17 - HKLM\Software\..\Telephony: DomainName = homes.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = homes.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = homes.local
O23 - Service: Apcupsd UPS Server - Unknown - c:\apcupsd\bin\apcupsd.exe
O23 - Service: [EMAIL PROTECTED]:+Programas+FOLDING+fah502-console - Stanford University - C:\Programas\FOLDING\fah502-console.exe
O23 - Service: Iomega Activity Disk2 - Unknown - (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Programas\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Iomega Active Disk - Iomega Corporation - C:\Programas\Iomega\AutoDisk\ADService.exe
StartupList report, 29-01-2005, 12:38:34
StartupList version: 1.52.2
Started from : C:\Documents and Settings\ah.HOMES\Definições locais\Temp\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\apcupsd\bin\apcupsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programas\Iomega\AutoDisk\ADUserMon.exe
C:\Programas\Iomega\DriveIcons\ImgIcon.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Mozilla Thunderbird\thunderbird.exe
C:\Programas\PuTTY\pageant.exe
C:\Programas\One Guy Coding\Automachron\achron.exe
C:\Programas\OpenOffice.org1.1.4\program\soffice.exe
C:\Programas\Microsoft Office\Office\2070\msoffice.exe
C:\Programas\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\ah.HOMES\Definições locais\Temp\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\ah.HOMES\Menu Iniciar\Programas\Arranque]
Automachron.lnk = C:\Programas\One Guy Coding\Automachron\achron.exe
OpenOffice.org 1.1.4.lnk = C:\Programas\OpenOffice.org1.1.4\program\quickstart.exe
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque]
Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE
Mozilla Thunderbird (Safe Mode).lnk = C:\Programas\Mozilla Thunderbird\thunderbird.exe
Pageant.lnk = C:\Programas\PuTTY\pageant.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AdaptecDirectCD = "C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ADUserMon = C:\Programas\Iomega\AutoDisk\ADUserMon.exe
Apcupsd = "c:\apcupsd\bin\apcupsd.exe" /servicehelper
Deskup = C:\Programas\Iomega\DriveIcons\deskup.exe /IMGSTART
Iomega Drive Icons = C:\Programas\Iomega\DriveIcons\ImgIcon.exe
iTunesHelper = C:\Programas\iTunes\iTunesHelper.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
QuickTime Task = "C:\Programas\QuickTime\qttask.exe" -atboottime
Synchronization Manager = %SystemRoot%\system32\mobsync.exe /logon
WATCHPNP_Xerox = watchPnp.exe Xerox
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo! Pager = C:\Programas\Yahoo!\Messenger\ypager.exe -quiet
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command
(Default) = C:\WINDOWS\NOTEPAD.EXE "%1"
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor de registo'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
--------------------------------------------------
Enumerating Task Scheduler jobs:
*No jobs found*
--------------------------------------------------
Enumerating Download Program Files:
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093519773919
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37578.0401967593
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
abp480n5: System32\DRIVERS\ABP480N5.SYS (system)
Intel(r) 82801 - serviço de instalação do controlador de áudio (WDM): system32\drivers\ac97intc.sys (manual start)
Controlador ACPI da Microsoft: System32\DRIVERS\ACPI.sys (system)
adpu160m: System32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
Ambiente de suporte com funcionalidades de rede AFD: \SystemRoot\System32\drivers\afd.sys (system)
Filtro de barramento Intel AGP: System32\DRIVERS\agp440.sys (system)
Filtro de barramento Compaq AGP: System32\DRIVERS\agpCPQ.sys (system)
Aha154x: System32\DRIVERS\aha154x.sys (system)
aic78u2: System32\DRIVERS\aic78u2.sys (system)
aic78xx: System32\DRIVERS\aic78xx.sys (system)
Alerta: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Serviço de gateway de camada de aplicação: %SystemRoot%\System32\alg.exe (manual start)
AliIde: System32\DRIVERS\aliide.sys (system)
Filtro de barramento ALI AGP: System32\DRIVERS\alim1541.sys (system)
Controlador de filtro de barramento AMD AGP: System32\DRIVERS\amdagp.sys (system)
amsint: System32\DRIVERS\amsint.sys (system)
Apcupsd UPS Server: "c:\apcupsd\bin\apcupsd.exe" /service (autostart)
Gestão de aplicações: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: System32\DRIVERS\asc.sys (system)
asc3350p: System32\DRIVERS\asc3350p.sys (system)
asc3550: System32\DRIVERS\asc3550.sys (system)
Controlador de média assíncrono de RAS: System32\DRIVERS\asyncmac.sys (manual start)
Controlador de disco rígido IDE/ESDI padrão: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\atievxx.exe (autostart)
atimpab: System32\DRIVERS\atimpab.sys (manual start)
ATM - protocolo para cliente ARP: System32\DRIVERS\atmarpc.sys (manual start)
Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controladores de stub de áudio: System32\DRIVERS\audstub.sys (manual start)
Serviço de transferência inteligente em fundo: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Browser de computador: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Bluetooth Audio: System32\DRIVERS\btaudio.sys (manual start)
Bluetooth Virtual Communications Driver: System32\DRIVERS\btport.sys (manual start)
Bluetooth LAN Access Server: System32\DRIVERS\btwdndis.sys (manual start)
WIDCOMM USB Bluetooth Driver: System32\Drivers\btwusb.sys (manual start)
cbidf: System32\DRIVERS\cbidf2k.sys (system)
Descodificador de captura fechada: System32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: System32\DRIVERS\cd20xrnt.sys (system)
Controlador de CD-ROM: System32\DRIVERS\cdrom.sys (system)
Serviço de indexação: C:\WINDOWS\System32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: System32\DRIVERS\cmdide.sys (system)
Aplicação de sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: System32\DRIVERS\cpqarray.sys (system)
Serviços criptográficos: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: System32\DRIVERS\dac2w2k.sys (system)
dac960nt: System32\DRIVERS\dac960nt.sys (system)
DCOM - Lançador de processo de servidor: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Team MFP Comm Driver: System32\Drivers\DgiVecp.sys (autostart)
Cliente DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controlador de disco: System32\DRIVERS\disk.sys (system)
Serviço administrativo de gestão de discos lógicos: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Controlador do gestor de disco lógico: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gestor de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft - sintetizador Kernel DSL: system32\drivers\DMusic.sys (manual start)
Cliente DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: System32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Descrambler Filter: system32\drivers\drmkaud.sys (manual start)
Intel(R) - controlador de adaptador PRO: System32\DRIVERS\e100b325.sys (manual start)
3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Serviço de relato de erros: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start)
Registo de eventos: %SystemRoot%\system32\services.exe (autostart)
Sistema de eventos do COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
[EMAIL PROTECTED]:+Programas+FOLDING+fah502-console: C:\Programas\FOLDING\fah502-console -svcstart (manual start)
Compatibilidade de 'Mudança rápida de utilizador': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (manual start)
Controlador de disquete: System32\DRIVERS\fdc.sys (manual start)
D-Link DFE-530TX PCI Fast Ethernet Adapter Driver: System32\DRIVERS\dlkfet5b.sys (manual start)
Controlador de unidades de disquetes: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
SEMC DSS-20 SyncStation Serial Converter Driver: system32\drivers\ftdibus.sys (manual start)
Controlador do gestor de volume: System32\DRIVERS\ftdisk.sys (system)
Lundinova Filter Driver: system32\drivers\ftlund.sys (manual start)
SEMC DSS-20 SyncStation Driver: system32\drivers\ftser2k.sys (manual start)
Enumerador de portas de jogos: System32\DRIVERS\gameenum.sys (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Classificador de pacotes genérico: System32\DRIVERS\msgpc.sys (manual start)
hardlock: \??\C:\WINDOWS\System32\drivers\hardlock.sys (autostart)
Haspnt: \??\C:\WINDOWS\System32\drivers\Haspnt.sys (autostart)
Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Acesso a dispositivos de interface humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
hpn: System32\DRIVERS\hpn.sys (system)
hpt3xx: System32\DRIVERS\hpt3xx.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
SSL de HTTP: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: System32\DRIVERS\i2omp.sys (system)
Teclado i8042 e controlador de porta de rato PS/2: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
Controlador de filtro de gravação de CD: System32\DRIVERS\imapi.sys (system)
Serviço COM de gravação de CD de IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: System32\DRIVERS\ini910u.sys (system)
IntelIde: System32\DRIVERS\intelide.sys (system)
Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)
Iomega Activity Disk2: "" (manual start)
Iomega App Services: "C:\PROGRA~1\Iomega\System32\AppServices.exe" (manual start)
Controlador de IPv6 do Firewall do Windows: system32\drivers\ip6fw.sys (manual start)
Controlador de filtração de tráfego IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Controlador de túnel IP-em-IP: System32\DRIVERS\ipinip.sys (manual start)
Tradutor de endereços de rede IP: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Programas\iPod\bin\iPodService.exe (manual start)
Controlador IPSEC: System32\DRIVERS\ipsec.sys (system)
Serviço enumerador IR: System32\DRIVERS\irenum.sys (manual start)
Controlador de barramento PnP ISA/EISA: System32\DRIVERS\isapnp.sys (system)
Controlador de classe de teclado: System32\DRIVERS\kbdclass.sys (system)
Microsoft - misturador de áudio Kernel Wave: system32\drivers\kmixer.sys (manual start)
Servidor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Estação de trabalho: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Programa auxiliar TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Programas\Ficheiros comuns\Microsoft
Shared\VS7Debug\mdm.exe" (autostart)
Mensageiro: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Partilha remota do ambiente de trabalho do NetMeeting:
C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Controlador de classe de rato: System32\DRIVERS\mouclass.sys (system)
mraid35x: System32\DRIVERS\mraid35x.sys (system)
Redireccionador de cliente WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
DTC (Coordenador de transacções distribuídas): C:\WINDOWS\System32\msdtc.exe
(manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Proxy da Microsoft para serviços de fluxo: system32\drivers\MSKSSRV.sys (manual
start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Proxy da Microsoft para gestão de qualidade de fluxo:
system32\drivers\MSPQM.sys (manual start)
Controlador BIOS Microsoft System Management: System32\DRIVERS\mssmbios.sys
(manual start)
Conversor da Microsoft para fluxos Tee/Sink-to-Sink: system32\drivers\MSTEE.sys
(manual start)
Microsoft - controlador MPU-401 MIDI UART: system32\drivers\msmpu401.sys
(manual start)
MySQL: C:\mysql\bin\mysqld-max-nt MySQL (disabled)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
NAVAP: \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys (manual start)
NAVAPEL: \??\C:\Programas\Symantec_Client_Security\Symantec
AntiVirus\NAVAPEL.SYS (autostart)
NAVENG: \??\C:\PROGRA~1\FICHEI~1\SYMANT~1\VIRUSD~1\20040728.003\NAVENG.sys
(manual start)
NAVEX15: \??\C:\PROGRA~1\FICHEI~1\SYMANT~1\VIRUSD~1\20040728.003\NAVEX15.sys
(manual start)
Ligação de TV/Vídeo Microsoft: System32\DRIVERS\NdisIP.sys (manual start)
Controlador TAPI NDIS de acesso remoto: System32\DRIVERS\ndistapi.sys (manual
start)
Protocolo E/S de modo de utilizador NDIS: System32\DRIVERS\ndisuio.sys (manual
start)
Controlador WAN NDIS de acesso remoto: System32\DRIVERS\ndiswan.sys (manual
start)
Interface de NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Rede DDE: %SystemRoot%\system32\netdde.exe (disabled)
Rede DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Início de sessão de rede: %SystemRoot%\System32\lsass.exe (autostart)
Ligações de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Identificação da localização na rede (NLA): %SystemRoot%\System32\svchost.exe
-k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Armazenamento amovível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual
start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
Controlador de filtração de tráfego IPX: System32\DRIVERS\nwlnkflt.sys (manual
start)
Controlador de reencaminhamento de tráfego IPX: System32\DRIVERS\nwlnkfwd.sys
(manual start)
Controlador de processador Intel PentiumIII: System32\DRIVERS\p3.sys (system)
Controlador de porta paralela: System32\DRIVERS\parport.sys (manual start)
Controlador de barramento PCI: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Video Blaster WebCam 5 (WDM): System32\DRIVERS\PD100Vid.sys (manual start)
perc2: System32\DRIVERS\perc2.sys (system)
perc2hib: System32\DRIVERS\perc2hib.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Serviços IPSEC: %SystemRoot%\System32\lsass.exe (manual start)
Controlador de filtro Legacy de porta paralela da Iomega:
System32\DRIVERS\ppa3.sys (system)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Controlador do processador: System32\DRIVERS\processr.sys (system)
Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)
Controlador de ligações directas por porta paralela:
System32\DRIVERS\ptilink.sys (manual start)
ql1080: System32\DRIVERS\ql1080.sys (system)
Ql10wnt: System32\DRIVERS\ql10wnt.sys (system)
ql12160: System32\DRIVERS\ql12160.sys (system)
ql1240: System32\DRIVERS\ql1240.sys (system)
ql1280: System32\DRIVERS\ql1280.sys (system)
Controlador de ligação automática de acesso remoto: System32\DRIVERS\rasacd.sys
(system)
Gestor de ligação automática de acesso remoto:
%SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Gestor de ligação de acesso remoto: %SystemRoot%\System32\svchost.exe -k
netsvcs (autostart)
Controlador de acesso remoto PPPOE: System32\DRIVERS\raspppoe.sys (manual start)
Paralelo directo: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Controlador de redireccionador de dispositivo de servidor de terminais:
System32\DRIVERS\rdpdr.sys (manual start)
Gestor de sessões de ajuda do 'Ambiente de trabalho remoto':
C:\WINDOWS\system32\sessmgr.exe (manual start)
Controlador de filtro de reprodução de áudio digital de CD:
System32\DRIVERS\redbook.sys (system)
Encaminhamento e acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs
(disabled)
Registo remoto: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Localizador RPC (Remote Procedure Call): %SystemRoot%\System32\locator.exe
(autostart)
Chamada de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss
(autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Controlador NT de placa Fast Ethernet baseada na Realtek RTL8139(A/B/C):
System32\DRIVERS\RTL8139.SYS (manual start)
600 CU Still Image Device Service: system32\drivers\usbscan.sys (manual start)
Gestor de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (disabled)
Programador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Início de sessão secundário: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
Notificação de evento de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs
(autostart)
Controlador de filtro Serenum: System32\DRIVERS\serenum.sys (manual start)
Controlador de porta série: System32\DRIVERS\serial.sys (system)
Firewall do Windows/Partilha de ligação à Internet (ICS):
%SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Detecção de hardware da shell: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
Filtro de barramento SIS AGP: System32\DRIVERS\sisagp.sys (system)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Borland Socket Server: C:\Programas\Borland Socket Server\scktsrvc.exe
(disabled)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Sparrow: System32\DRIVERS\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)
Controlador do filtro de restauro do sistema: System32\DRIVERS\sr.sys (system)
Serviço de 'Restauro do sistema': %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Serviço de identificação SSDP: %SystemRoot%\System32\svchost.exe -k
LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc
(autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Controlador de barramento por software: System32\DRIVERS\swenum.sys (manual
start)
Microsoft - sintetizador Kernel GS Wavetable: system32\drivers\swmidi.sys
(manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe
/Processid:{9F4E95ED-F4D3-4059-997C-D616948B14CA} (manual start)
symc810: System32\DRIVERS\symc810.sys (system)
symc8xx: System32\DRIVERS\symc8xx.sys (system)
sym_hi: System32\DRIVERS\sym_hi.sys (system)
sym_u3: System32\DRIVERS\sym_u3.sys (system)
Microsoft - dispositivo de áudio do kernel do sistema:
system32\drivers\sysaudio.sys (manual start)
Alertas e registos de desempenho: %SystemRoot%\system32\smlogsvc.exe (autostart)
Dispositivos telefónicos: %SystemRoot%\System32\svchost.exe -k netsvcs (manual
start)
Controlador do protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)
Controlador de dispositivo de terminal: System32\DRIVERS\termdd.sys (system)
Servi�os de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tiger Jet PCI 128K ISDN Adapter: System32\DRIVERS\tjisdn.sys (manual start)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
TosIde: System32\DRIVERS\toside.sys (system)
Cliente de Distributed Link Tracking: %SystemRoot%\system32\svchost.exe -k
netsvcs (autostart)
ultra: System32\DRIVERS\ultra.sys (system)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Controlador de actualização microcódigo: System32\DRIVERS\update.sys (manual
start)
Anfitrião de dispositivos Universal Plug and Play:
%SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Fonte de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (disabled)
Concentrador activado por USB2: System32\DRIVERS\usbhub.sys (manual start)
Classe de impressoras USB Microsoft: System32\DRIVERS\usbprint.sys (manual
start)
Controlador de armazenamento de massa USB: System32\DRIVERS\USBSTOR.SYS (manual
start)
Controlador miniport do controlador Microsoft USB universal:
System32\DRIVERS\usbuhci.sys (manual start)
VGA - controlador de visualização.: \SystemRoot\System32\drivers\vga.sys
(system)
Filtro de barramento VIA AGP: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Cópia sombra de volume: %SystemRoot%\System32\vssvc.exe (disabled)
Hora do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Controlador ARP IP de acesso remoto: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (manual
start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
WMI (Instrumento de gestão do Windows): %systemroot%\system32\svchost.exe -k
netsvcs (autostart)
VNC Server Version 4: "C:\Programas\RealVNC\VNC4\WinVNC4.exe" -service
(autostart)
Serviço do número de série de leitores de multimédia portáteis:
%SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Extens. contr. da Windows Management Instrumentation:
%SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Adaptador de desempenho WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual
start)
Centro de segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Actualizações automáticas: %systemroot%\system32\svchost.exe -k netsvcs
(autostart)
Configuração zero sem fios: %SystemRoot%\System32\svchost.exe -k netsvcs
(disabled)
Serviço de fornecimento de rede: %SystemRoot%\System32\svchost.exe -k netsvcs
(manual start)
Iomega Active Disk: "C:\Programas\Iomega\AutoDisk\ADService.exe" (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 38.332 bytes
Report generated in 0,320 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
