Metaliun

BackDoor

9 posts in this topic

I don't know what to do. For a while now my PC has been getting slow, mainly in games, and also when I try to open an application it takes a long time to open and sometimes doesn't open at all, mainly when I try to open AVG 7 in the scan part (it only opens once, right after I turn the PC on).

I used AVG to scan the PC and it showed 2 TROJAN HORSE BACKDOOR in these files:

C:\WINDOWS\SYSTEM32\WINKEY.DLL

C:\WINDOWS\SYSTEM32\WININV.DLL

AVG says it disinfected the virus in these files, but when I shut down and turn the PC on again and scan again, these viruses show up again. I've already tried deleting these files, but they always come back when I shut down and turn the PC on.

What do I do???


Make a HijackThis log and paste it in your reply so we can help you better.

PS: Only make the log; don't check any entry in HijackThis unless you are absolutely sure of what you are doing, because it detects many legitimate system entries that must not be removed.

Originally posted by FallenHawk @ 15 Dec 2004, 12:53

Make a HijackThis log and paste it in your reply so we can help you better.

PS: Only make the log; don't check any entry in HijackThis unless you are absolutely sure of what you are doing, because it detects many legitimate system entries that must not be removed.

This is what came out:

Logfile of HijackThis v1.99.0

Scan saved at 19:22:39, on 15/12/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\system32\stisvc.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\Arquivos de programas\Speedy\WrOS.EXE

C:\WINDOWS\system32\mspmspsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Speedy\winpppoverethernet.exe

C:\Arquivos de programas\Kazaa Lite K++\KazaaLite.kpp

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\internat.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\arquivos de programas\babylon\Babylon.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\ARQUIV~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metal-archives.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [a-winpoet-service] "C:\Arquivos de programas\Speedy\winpppoverethernet.exe"

O4 - HKLM\..\Run: [KAZAA] "C:\Arquivos de programas\Kazaa Lite K++\kpp.exe" "C:\Arquivos de programas\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [babylon Translator] C:\arquivos de programas\babylon\Babylon.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global User Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EC...UTH_1015_EN.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...11a0351cafa03db

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.shizmoo.com/activex/web665.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GINPOKER Class) - http://200.189.188.245/g_bin_eng/poker_2_0_0_14.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...fz4/install.cab

O16 - DPF: {DA4EB021-5F1C-11D4-B006-00104B98E2C7} (McAfee Clinic Installer Control) - http://download.mcafee.com/molbin/shared/MInstall.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab30149.cab

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - http://toolbar2.i-lookup.com/toolbar2/windec32.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C94CEA6-2E07-4A36-83A4-B106FF04D5CF}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{1C94CEA6-2E07-4A36-83A4-B106FF04D5CF}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Serviço administrativo do gerenciador de disco lógico - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Arquivos de programas\Speedy\WrOS.EXE


You are infected with Backdoor.Prorat, and AVG, for some reason, is not managing to detect the real problem.

Open HijackThis and click Config, then Misc Tools. Check the two boxes next to the "Generate Startuplist Log" button and then click the button. It will generate a log. Paste that log in your reply.

Configure Windows to show all files and look for the file C:\WINDOWS\system32\fservice.exe. If you find it, restart the computer in Safe Mode and move it to a new folder, such as C:\Lixo.

After that, check the following entry in HijackThis:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

And then restart the computer.

PS: If you don't find the file, just make the Startuplist log.

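The analyst's diagnosis rests on one line of the log: the Winlogon Shell value should be exactly Explorer.exe, and anything appended to it (here C:\WINDOWS\system32\fservice.exe) is a second program started at every logon. The script below is an added example written for this page; it is not part of the thread and not a HijackThis feature. It parses HijackThis-style lines and flags that Shell anomaly, plus two further triage heuristics that are the editor's additions rather than anything the analyst stated: ActiveX controls (O16) fetched from a bare IP address, and orphaned entries marked "(no file)". It also reads the StartupList format the analyst asked for (posted later in the thread) and flags an Active Setup StubPath whose component key is not a well-formed GUID; that report contains one such key, {5Y99AE78-58TT-11dW-BE53-Y67078979Y}, which cannot have been written by a normal installer. The sample lines are copied from the logs in this thread and are constructed input for the script; a flagged line is a lead for review, not a verdict. Note the order the analyst gave: move the file while in Safe Mode first, then fix the F2 entry, because "Fix checked" only resets the registry value and does nothing to the file it points at.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this
# thread (plus one benign O4 line) so the script runs offline.
HJT_SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GINPOKER Class) - http://200.189.188.245/g_bin_eng/poker_2_0_0_14.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
"""

# Constructed sample: a few entries from the Active Setup and Shell sections
# of the StartupList report posted later in this thread.
STARTUPLIST_SAMPLE = r"""
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[{5Y99AE78-58TT-11dW-BE53-Y67078979Y}]
StubPath = C:\WINDOWS\system\sservice.exe
[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
Shell=*INI section not found*
Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
"""

# A well-formed GUID: 8-4-4-4-12 hex digits in braces.
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def shell_extras(shell_value):
    """Return whatever follows Explorer.exe in a Winlogon Shell value ('' when clean).
    Assumes the appended path has no spaces, which holds for the log in this thread."""
    value = shell_value.strip()
    if value.lower().startswith("explorer.exe"):
        value = value[len("explorer.exe"):].strip()
    return value


def parse_hjt(text):
    """Yield (section, body) for every 'R0 - ...', 'F2 - ...', 'O16 - ...' line."""
    for line in text.splitlines():
        m = re.match(r"^([RFO]\d+) - (.*)$", line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage_hjt(text):
    """Return (section, message) findings for the three heuristics described above."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "F2" and "Shell=" in body:
            extra = shell_extras(body.split("Shell=", 1)[1])
            if extra:
                findings.append(("F2", f"extra program in Winlogon Shell: {extra}"))
        elif section == "O16":
            m = re.search(r" - (\S+)$", body)          # the CODEBASE URL is last
            host = re.match(r"https?://([^/]+)", m.group(1)) if m else None
            if host and IPV4_RE.fullmatch(host.group(1)):
                findings.append(("O16", f"ActiveX control from a bare IP host: {m.group(1)}"))
        elif body.endswith("(no file)"):
            findings.append((section, f"orphaned entry (file missing): {body}"))
    return findings


def startuplist_shell_extras(text):
    """Same Shell check applied to a StartupList report; skips '*...not found*' lines."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Shell=") and "*" not in line:
            extra = shell_extras(line[len("Shell="):])
            if extra:
                return extra
    return ""


def active_setup_findings(text):
    """Return (key, stubpath) for Active Setup components whose key is not a valid GUID."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^\[>?(\{[^}]+\})[^\]]*\]", line)   # '[>{GUID}]' or '[{GUID}SUFFIX] *'
        if m:
            key = m.group(1)
            continue
        m = re.match(r"^StubPath = (.*)$", line)
        if m and key is not None:
            if not GUID_RE.fullmatch(key):
                findings.append((key, m.group(1)))
            key = None
    return findings


if __name__ == "__main__":
    for section, msg in triage_hjt(HJT_SAMPLE):
        print(f"[{section}] {msg}")
    print("StartupList Shell extra:", startuplist_shell_extras(STARTUPLIST_SAMPLE))
    for key, stub in active_setup_findings(STARTUPLIST_SAMPLE):
        print(f"[ActiveSetup] malformed key {key} -> {stub}")
```

The GUID test is deliberately strict: a legitimate component key is generated by a tool and is always 8-4-4-4-12 hex digits, so letters outside 0-9/a-f or a wrong group length mean the key was typed by hand. Run the script on a full log by replacing the constructed samples with the file contents.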
Originally posted by FallenHawk @ 15 Dec 2004, 23:35

You are infected with Backdoor.Prorat, and AVG, for some reason, is not managing to detect the real problem.

Open HijackThis and click Config, then Misc Tools. Check the two boxes next to the "Generate Startuplist Log" button and then click the button. It will generate a log. Paste that log in your reply.

Configure Windows to show all files and look for the file C:\WINDOWS\system32\fservice.exe. If you find it, restart the computer in Safe Mode and move it to a new folder, such as C:\Lixo.

After that, check the following entry in HijackThis:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

And then restart the computer.

PS: If you don't find the file, just make the Startuplist log.

Regarding step 2, I found the file, but when it came to checking the entry F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe, I checked it and clicked FIX CHECKED. IS THAT RIGHT?


Here's the startuplist:

StartupList report, 16/12/2004, 08:41:12

StartupList version: 1.52.2

Started from : C:\HijackThis\HijackThis.EXE

Detected: Windows 2000 SP4 (WinNT 5.00.2195)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\system32\stisvc.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\Arquivos de programas\Speedy\WrOS.EXE

C:\WINDOWS\system32\mspmspsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\Speedy\winpppoverethernet.exe

C:\Arquivos de programas\Kazaa Lite K++\KazaaLite.kpp

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\internat.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\NCLAUNCH.EXe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\WINDOWS\Menu Iniciar\Programas\Iniciar]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

[C:\WINDOWS\Menu Iniciar\Programas\Iniciar]

*No files*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\WINDOWS\All Users\Menu Iniciar\Programas\Iniciar]

Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

[C:\WINDOWS\All Users\Menu Iniciar\Programas\Iniciar]

Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PCTVOICE = pctspk.exe

a-winpoet-service = "C:\Arquivos de programas\Speedy\winpppoverethernet.exe"

KAZAA = "C:\Arquivos de programas\Kazaa Lite K++\kpp.exe" "C:\Arquivos de programas\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY

NeroCheck = C:\WINDOWS\system32\NeroCheck.exe

SystemTray = SysTray.Exe

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

AVG7_CC = C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

AVG7_EMC = C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

internat.exe = internat.exe

MsnMsgr = "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

Babylon Translator = C:\arquivos de programas\babylon\Babylon.exe

NCLaunch = C:\WINDOWS\NCLAUNCH.EXe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = "C:\WINDOWS\System32\shmgrate.exe" OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = "C:\WINDOWS\System32\shmgrate.exe" OCInstallUserConfigOE

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5Y99AE78-58TT-11dW-BE53-Y67078979Y}]

StubPath = C:\WINDOWS\system\sservice.exe

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *

StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\System32\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *

StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Editor do Registro'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

G-Buster Browser Defense - C:\WINDOWS\Downloaded Program Files\gbieh.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540000}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Aplicativo de ajuste.job

Spybot - Search & Destroy - Scheduled Task.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[internet Explorer Classes for Java]

[Microsoft XML Parser for Java]

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{00000161-0000-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab

[Checkers Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll

CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab

[{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}]

CODEBASE = http://akamai.downloadv3.com/binaries/P2EC...UTH_1015_EN.cab

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[CoGSManager Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\GSManager.dll

CODEBASE = http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

[Minesweeper Flags Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll

CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab

[ssh2 Class]

InProcServer32 = C:\WINDOWS\system32\scpsssh2.dll

CODEBASE = https://wwwss.bradesco.com.br/ib2k1/scpsssh2.cab

[{32564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

[{33564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

[FilePlanet Download Control Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\FilePlanetDownloadCtrl.dll

CODEBASE = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

[Office Update Installation Engine]

InProcServer32 = C:\WINDOWS\opuc.dll

CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[{469C7080-8EC8-43A6-AD97-45848113743C}]

CODEBASE = http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab

[EARTPatchX Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\EARTPX.dll

CODEBASE = http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

[{58172624-85DD-4482-9E64-02ADCA637E96}]

CODEBASE = http://www.shizmoo.com/activex/web665.cab

[GINPOKER Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\poker.dll

CODEBASE = http://200.189.188.245/g_bin_eng/poker_2_0_0_14.cab

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll

CODEBASE = http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

[update Class]

InProcServer32 = C:\WINDOWS\System32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8055.6184953704

[{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}]

CODEBASE = http://install.wildtangent.com/bgn/partner...fz4/install.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[McAfee Clinic Installer Control]

InProcServer32 = C:\WINDOWS\MCBin\shared\minstall.dll

CODEBASE = http://download.mcafee.com/molbin/shared/MInstall.cab

[GbPluginObj Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\gbieh.dll

CODEBASE = https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

[MSN Chat Control 4.5]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx

CODEBASE = http://chat.msn.com/bin/msnchat45.cab

[solitaire Showdown Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll

CODEBASE = http://messenger.zone.msn.com/binary/Solit...wn.cab30149.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\rnr20.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

Protocol #1: C:\WINDOWS\system32\msafd.dll

Protocol #2: C:\WINDOWS\system32\msafd.dll

Protocol #3: C:\WINDOWS\system32\msafd.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

Ambiente de suporte a redes AFD: \SystemRoot\System32\drivers\afd.sys (autostart)

Gerenciamento de aplicativo: %SystemRoot%\system32\services.exe (manual start)

Driver de mídia assíncrona RAS: System32\DRIVERS\asyncmac.sys (manual start)

Controlador de disco rígido padrão IDE/ESDI: System32\DRIVERS\atapi.sys (system)

Protocolo de cliente ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)

Driver de fragmento de código de áudio: System32\DRIVERS\audstub.sys (manual start)

AVG7 Alert Manager Server: C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (autostart)

AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)

AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsnt.sys (system)

AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)

AVG7 Update Service: C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (autostart)

AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)

Serviço de transferência inteligente de segundo plano: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)

Dual Mode Digital Camera(Video): System32\Drivers\Ca50xav.sys (autostart)

Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)

Driver de CD-ROM: System32\DRIVERS\cdrom.sys (system)

Serviço de indexação: C:\WINDOWS\System32\cisvc.exe (manual start)

Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (manual start)

Cliente DHCP: %SystemRoot%\System32\services.exe (autostart)

Driver de disco: System32\DRIVERS\disk.sys (system)

Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Gerenciador de discos lógicos: %SystemRoot%\System32\services.exe (autostart)

Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)

Cliente DNS: %SystemRoot%\System32\services.exe (autostart)

Log de eventos: %SystemRoot%\system32\services.exe (autostart)

Sistema de eventos do COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Serviço de fax: %systemroot%\system32\faxsvc.exe (manual start)

Driver de controlador de disquete: System32\DRIVERS\fdc.sys (manual start)

Driver de disquete: System32\DRIVERS\flpydisk.sys (manual start)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)

Classificador genérico de pacotes: System32\DRIVERS\msgpc.sys (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)

Imagedrv: system32\DRIVERS\imagedrv.sys (system)

Driver de filtro de tráfego IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Driver de encapsulamento IP em IP: System32\DRIVERS\ipinip.sys (manual start)

Conversor de endereços de rede IP: System32\DRIVERS\ipnat.sys (manual start)

Driver IPSEC: System32\DRIVERS\ipsec.sys (manual start)

IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Servidor: %SystemRoot%\System32\services.exe (autostart)

Serviço auxiliar NetBIOS TCP/IP: %SystemRoot%\System32\services.exe (autostart)

Compartilhamento remoto da área de trabalho do NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Dispositivo de filtro de fluxo unimodem: system32\drivers\MODEMCSA.sys (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\System32\MsiExec.exe /V (manual start)

Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)

Conversor em T entre locais de fluxo contínuo Microsoft: system32\drivers\MSTEE.sys (manual start)

Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)

NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)

Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)

Driver TAPI NDIS de acesso remoto: System32\DRIVERS\ndistapi.sys (manual start)

Protocolo de modo de usuário E/S em dispositivos NDIS: System32\DRIVERS\ndisuio.sys (manual start)

Driver de rede remota NDIS de acesso remoto: System32\DRIVERS\ndiswan.sys (manual start)

NetBios em Tcpip: System32\DRIVERS\netbt.sys (system)

DDE de rede: %SystemRoot%\system32\netdde.exe (manual start)

DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (manual start)

NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)

Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NPPTNT2: \??\C:\WINDOWS\system32\npptNT2.sys (system)

Upper Class Filter Driver: system32\DRIVERS\NTIDrvr.sys (manual start)

Armazenamento removível: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

nv: system32\DRIVERS\nv4_mini.sys (manual start)

nv4: system32\DRIVERS\nv4.sys (manual start)

NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)

Driver de filtro de tráfego IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Driver encaminhador de tráfego IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

Microsoft USB Open Host Controller Driver: System32\DRIVERS\openhci.sys (manual start)

Parallel class driver: System32\DRIVERS\parallel.sys (manual start)

Parallel port driver: System32\DRIVERS\parport.sys (system)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PCIIde: System32\DRIVERS\pciide.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Agente de diretiva IPSEC: %SystemRoot%\System32\lsass.exe (autostart)

Miniporta de rede remota (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Armazenamento protegido: %SystemRoot%\system32\services.exe (autostart)

Driver de link paralelo direto: System32\DRIVERS\ptilink.sys (manual start)

W2K Pctel Serial Device Driver: System32\DRIVERS\ptserial.sys (manual start)

Driver de conexão automática de acesso remoto: System32\DRIVERS\rasacd.sys (system)

Gerenciador de conexão de acesso remoto automático: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Miniporta de rede remota (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Gerenciador de conexão de acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Paralelo direto: System32\DRIVERS\raspti.sys (manual start)

Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)

Driver de filtro de reprodução de áudio digital de CD: System32\DRIVERS\redbook.sys (system)

Roteamento e acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Serviço de registro remoto: %SystemRoot%\system32\regsvc.exe (autostart)

Chama de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)

Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)

Ajuda do cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)

Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)

Agendador de tarefas: %SystemRoot%\system32\MSTask.exe (autostart)

SecDrv: \??\C:\WINDOWS\system32\drivers\SECDRV.SYS (autostart)

Serviço RunAs: %SystemRoot%\system32\services.exe (autostart)

Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Compartilhamento de conexões à Internet: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Service for SiS7018 Driver (WDM): system32\drivers\sis7018.sys (manual start)

SiS AGP Filter: system32\DRIVERS\SISAGPx.sys (system)

SiSide: system32\DRIVERS\siside.sys (system)

sisidex: system32\drivers\sisidex.sys (system)

SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)

Add Performance Filter Driver: system32\drivers\sisperf.sys (system)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Still Image Service: %systemroot%\system32\stisvc.exe (autostart)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)

Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)

Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)

Cliente de rastreamento de link distribuído: %SystemRoot%\system32\services.exe (autostart)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)

Dual Mode Digital Camera(Still): System32\Drivers\Bulk50x.sys (manual start)

DSC Composite USB Device: System32\DRIVERS\usbhub.sys (autostart)

USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)

User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Gerenciador de utilitários: %SystemRoot%\System32\UtilMan.exe (manual start)

PS JoyPad for Win2K: system32\drivers\Dancer.sys (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

W2k Vmodem: System32\DRIVERS\vmodem.sys (system)

W2k Vpctcom: System32\DRIVERS\vpctcom.sys (system)

W2k Vvoice: System32\DRIVERS\vvoice.sys (system)

Horário do Windows: %SystemRoot%\System32\services.exe (manual start)

Driver ARP IP de acesso remoto: System32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

Testador de instrumentação de gerenciamento do Windows: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)

WinPPPoverEthernet: C:\Arquivos de programas\Speedy\WrOS.EXE (autostart)

WMDM PMSP Service: C:\WINDOWS\system32\mspmspsv.exe (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\system32\Services.exe (manual start)

WrKPoET2000: \??\C:\Arquivos de programas\Speedy\WrKPoET2000.sys (manual start)

iVasion PoET Adapter: System32\DRIVERS\WrKPoETNic2000.sys (manual start)

World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)

Atualizações automáticas: %systemroot%\system32\svchost.exe -k wugroup (autostart)

Configuração sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINDOWS\system32\NETSHELL.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: stobject.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

DirectX For Microsoft® Windows = C:\WINDOWS\system32\fservice.exe

--------------------------------------------------

End of report, 32.017 bytes

Report generated in 0,180 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


Restart the computer in Safe Mode by pressing F8 as soon as the computer turns on, until a menu appears where you can select "Safe Mode".

PS: You must carry out the following steps in Safe Mode.

In Safe Mode click Start -> Run, type "regedit" (without quotes) and click OK.

PS: Compare the entries to be removed carefully!

Open HKEY_LOCAL_MACHINE, then Software and then Microsoft.

Open the "Active Setup" key and then "Installed Components". Look for a key named:

{5Y99AE78-58TT-11dW-BE53-Y67078979Y}

And delete it.

Close the Installed Components and Active Setup keys. You should now be at HKLM\Software\Microsoft.

Open the "Windows" key, then "CurrentVersion", then "Policies", "Explorer" and "Run".

In the right pane delete the value named "DirectX For Microsoft® Windows".

Close regedit.

Open HijackThis and check the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...11a0351cafa03db

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...fz4/install.cab

O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - http://toolbar2.i-lookup.com/toolbar2/windec32.cab

Optional entries (programs that use memory unnecessarily)

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global User Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

After checking them, click Fix Checked.

PS: The entry "F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe" may be back. If it is, check it too.

Now go to Control Panel -> Add/Remove Programs and look for "WildTangent", "WindUpdates" and "I-lookup Toolbar". If you find them, remove them.

Finally, remove the files:

C:\WINDOWS\system32\fservice.exe

C:\WINDOWS\system\sservice.exe

C:\WINDOWS\SYSTEM32\WINKEY.DLL

C:\WINDOWS\SYSTEM32\WININV.DLL

C:\WINDOWS\Winlogon.exe (note that winlogon.exe in the system32 folder must NOT be removed)

Restart the computer normally.

Run an online scan - HouseCall to remove any remaining files.

In your reply, say whether you still have the problems.

PS: AVG should also start normally now.
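A read-only audit of the indicators listed in the post above, added here as an example; it is not code from the original thread or from HijackThis/StartupList. It assumes a Windows host with PowerShell 5 or later, reports what it finds and deletes nothing; the paths, CLSIDs and value names are the ones quoted in the post, and the Code Store Database and Winlogon Shell locations are the registry places HijackThis reads its O16 and F2 lines from.

```powershell
# Added example, not code from the original thread. Read-only audit of the
# indicators the post above lists: it reports what is present and deletes
# nothing. Assumes Windows with PowerShell 5+; values come from the post.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}',
    # Distribution Units is where the O16 (DPF) CLSIDs that HijackThis lists are registered
    'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}',
    'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}',
    'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FE1A240F-B247-4E06-A600-30E28F5AF3A0}'
)
$files = @(
    "$env:SystemRoot\system32\fservice.exe",
    "$env:SystemRoot\system\sservice.exe",
    "$env:SystemRoot\system32\WINKEY.DLL",
    "$env:SystemRoot\system32\WININV.DLL",
    "$env:SystemRoot\Winlogon.exe"   # the copy outside system32; system32\winlogon.exe is legitimate
)
# The policies\Explorer\Run keys are absent or empty on a clean machine (the
# StartupList report above shows HKCU missing), so every value there deserves a look.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-IndicatorReport {
    $hits = [System.Collections.Generic.List[string]]::new()
    foreach ($k in $keys)  { if (Test-Path -LiteralPath $k) { $hits.Add("RegKey present: $k") } }
    foreach ($f in $files) { if (Test-Path -LiteralPath $f -PathType Leaf) { $hits.Add("File present: $f") } }
    foreach ($rk in $runKeys) {
        if (-not (Test-Path -LiteralPath $rk)) { continue }
        $key = Get-Item -LiteralPath $rk
        foreach ($name in $key.GetValueNames()) {
            $tag = if ($name -like 'DirectX For Microsoft*') { 'named in the post' } else { 'unexpected' }
            $hits.Add("Policy Run value ($tag): $rk\$name = $($key.GetValue($name))")
        }
    }
    # HijackThis F2 "system.ini: Shell=" maps to the Winlogon Shell value; a clean value is just explorer.exe.
    $winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    if ($winlogon -and $winlogon.Shell -and $winlogon.Shell.Trim() -notmatch '^explorer\.exe$') {
        $hits.Add("Winlogon Shell modified: $($winlogon.Shell)")
    }
    return $hits
}

$report = Get-IndicatorReport
if ($report.Count -eq 0) { 'No indicators from the post were found.' } else { $report }
```

Run it from an elevated prompt before and after the manual clean-up to confirm that each indicator is gone rather than relying on a single reboot.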

Originally posted by FallenHawk @ 16 Dec 2004, 10:10

In your reply, say whether you still have the problems.

PS: AVG should also start normally now.

PERFECT!!!

My PC is much better now, AVG is working normally, there are no viruses anymore and the games aren't freezing anymore.

Thanks FallenHawk

THANK YOU VERY MUCH


Problem Solved!

If the author needs the topic to be reopened, please send a private message to one of the moderators of this area.

Regards!
