Ir ao conteúdo
  • Cadastre-se
Entre para seguir isso  
Lapate

ME AJUDEM SOU INICIANTE

Recommended Posts

Fala galera gostaria de saber se alguém pode me ajudar

acessei o astalavista e peguei esse maldito spyware.. alguém sabe como tiro ele.. pois não quero formatar meu micro....

aparece esta tela no meu fundo de tela...

<div class='bbimg'>%7Boption%7Dhttp://img351.imageshack.us/img351/5464/imagem9gm.jpg' border='0' alt='Imagem postada pelo usuário' /></div>

PS.: Já usei:

Microsoft Antispyware

porque Remove

Spyware Doctor

Spyboot

AVG antivirus

e não adiantou nada...

Alguém pode me ajudar???

abraços a todos

Compartilhar este post


Link para o post
Compartilhar em outros sites
Postado Originalmente por Bucketheadkrz@07 de janeiro de 2006, 18:33

Baixe o HijackThis. Faça um log e cole na resposta.

ok....segue abaixo o log

Logfile of HijackThis v1.99.1

Scan saved at 18:50:40, on 7/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\TBridge\FLATBED.EXE

C:\WINDOWS\Mixer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

C:\Arquivos de programas\Discador Terra\tdd.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Iomega\AutoDisk\AD2KClient.exe

C:\Arquivos de programas\Spyware Doctor\swdoctor.exe

C:\Arquivos de programas\Microsoft AntiSpyware\gcasDtServ.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\crypserv.exe

C:\ARQUIV~1\Iomega\System32\ActivityDisk.exe

C:\Arquivos de programas\Norton Utilities\NPROTECT.EXE

C:\Arquivos de programas\Spyware Doctor\sdhelp.exe

C:\Arquivos de programas\Speed Disk\nopdb.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

F3 - REG:win.ini: load=C:\TBridge\FLATBED.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Arquivos de programas\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [tdd] "C:\Arquivos de programas\Discador Terra\tdd.exe" -F

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [gcasServ] "C:\Arquivos de programas\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iomega Active Disk] C:\Arquivos de programas\Iomega\AutoDisk\AD2KClient.exe

O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\POPDiscador\POPDiscador.exe --banner

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [spyware Doctor] "C:\Arquivos de programas\Spyware Doctor\swdoctor.exe" /Q

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{62AAED65-F5AB-4314-97D6-1A6BC4305FC8}: NameServer = 200.222.0.34 200.202.193.75

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\ARQUIV~1\Iomega\System32\ActivityDisk.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Arquivos de programas\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Arquivos de programas\Spyware Doctor\sdhelp.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Arquivos de programas\Speed Disk\nopdb.exe

obrigado pela ajuda...

Compartilhar este post


Link para o post
Compartilhar em outros sites

depois de passar o scan...

Detected Disinfected

Virus 0 0

Spyware 19 0

Hacking Tools and

potentially unwanted

tools 1 0

Dialers 0 0

Security Risks 0 0

Suspicious files 0 0

Incident Status Location

Adware:adware/adsmart Not disinfected C:\WINDOWS\SYSTEM32\vx.tll

Adware:adware/beehappyy Not disinfected C:\boot.inx

Adware:adware/antivirus-gold Not disinfected C:\WINDOWS\desktop.html

Adware:adware/secure32 Not disinfected C:\WINDOWS\secure32.html

Adware:adware/isearch Not disinfected C:\WINDOWS\tool2.exe

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nando\Cookies\nando@adopt.hbmediapro[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nando\Cookies\nando@doubleclick[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@google.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@ig.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@terra.com[1].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nando\Cookies\nando@toplist[1].txt

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Nando\Cookies\nando@z1.adserver[1].txt

Adware:Adware/IST.YourSiteBar Not disinfected C:\Documents and Settings\Nando\Configurações locais\Temporary Internet Files\Content.IE5\2WQ1OKWS\CA6FOLER.HTM

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@google.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@ig.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@terra.com[1].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nando\Cookies\nando@toplist[1].txt

Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\Nando\Desktop\Nando\Programas\phptriadsetup2-11.exe

Potentially unwanted tool:Application/PerfectKeylog.D Not disinfected C:\Program Files\BPK\bpk.chm

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\Uninstall.exe

Incident Status Location

Adware:adware/adsmart Not disinfected C:\WINDOWS\SYSTEM32\vx.tll

Adware:adware/beehappyy Not disinfected C:\boot.inx

Adware:adware/antivirus-gold Not disinfected C:\WINDOWS\desktop.html

Adware:adware/secure32 Not disinfected C:\WINDOWS\secure32.html

Adware:adware/isearch Not disinfected C:\WINDOWS\tool2.exe

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nando\Cookies\nando@adopt.hbmediapro[2].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nando\Cookies\nando@doubleclick[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@google.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@ig.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@terra.com[1].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nando\Cookies\nando@toplist[1].txt

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Nando\Cookies\nando@z1.adserver[1].txt

Adware:Adware/IST.YourSiteBar Not disinfected C:\Documents and Settings\Nando\Configurações locais\Temporary Internet Files\Content.IE5\2WQ1OKWS\CA6FOLER.HTM

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@google.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@ig.com[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nando\Cookies\nando@terra.com[1].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nando\Cookies\nando@toplist[1].txt

Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\Nando\Desktop\Nando\Programas\phptriadsetup2-11.exe

Potentially unwanted tool:Application/PerfectKeylog.D Not disinfected C:\Program Files\BPK\bpk.chm

Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\Uninstall.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

mas não tem esses programas lá...

se me recordo eu desistalei eles ontem...

??

Compartilhar este post


Link para o post
Compartilhar em outros sites

retirei um monte de registros inválidos referente a esses programas mas nada....

ainda está com a tela.....

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Ewido. Instale e atualize-o.

Entre em modo de segurança e rode o Ewido. Salve o relatório do scan.

Reinicie o computador.

Cole o resultado do scan do Ewido aqui.

Abra o HijackThis e clique em "Open the Misc Tools Section" e marque as duas caixas ao lado do botão "Generate Startup List Log" e depois clique no mesmo. Cole o log que surgir aqui.

Compartilhar este post


Link para o post
Compartilhar em outros sites

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 22:43:06, 7/1/2006

+ Relatório-Checksum: 5C0A371E

+ Resultado da verificação:

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Agent.jl : Limpo com backup

C:\Arquivos de programas\Discador Terra\tdd.exe -> Heuristic.Win32.Dialer : Limpo com backup

C:\Arquivos de programas\POPDiscador\PopDiscador.exe -> Heuristic.Win32.Dialer : Limpo com backup

C:\boot.inx -> Downloader.Tibs.bn : Limpo com backup

C:\Documents and Settings\Nando\Configurações locais\Temp\is-9HCN9.tmp\SaveNowInst.exe/SaveNow.exe -> Adware.SaveNow : Limpo com backup

C:\Documents and Settings\Nando\Configurações locais\Temp\is-9HCN9.tmp\SaveNowInst.exe/Uninst.exe -> Adware.SaveNow : Limpo com backup

C:\Documents and Settings\Nando\Configurações locais\Temp\is-9HCN9.tmp\SaveNowInst.exe/SaveNow.exe -> Adware.SaveNow : Limpo com backup

C:\Documents and Settings\Nando\Configurações locais\Temp\is-9HCN9.tmp\SaveNowInst.exe/Uninst.exe -> Adware.SaveNow : Limpo com backup

C:\Documents and Settings\Nando\Cookies\nando@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup

C:\Documents and Settings\Nando\Cookies\nando@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Limpo com backup

C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Limpo com backup

C:\RECYCLER\NPROTECT\00035421.DLL -> Logger.Agent.jl : Limpo com backup

C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Limpo com backup

::Fim do Relatório

StartupList report, 7/1/2006, 22:53:09

StartupList version: 1.52.2

Started from : C:\HijackThis\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\TBridge\FLATBED.EXE

C:\WINDOWS\Mixer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Iomega\AutoDisk\AD2KClient.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\crypserv.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

C:\ARQUIV~1\Iomega\System32\ActivityDisk.exe

C:\Arquivos de programas\Norton Utilities\NPROTECT.EXE

C:\Arquivos de programas\Speed Disk\nopdb.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Nando\Menu Iniciar\Programas\Inicializar]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]

*No files*

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

C-Media Mixer = Mixer.exe /startup

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

AVG7_CC = C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

AVG7_EMC = C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

Iomega Startup Options = C:\Arquivos de programas\Iomega\Common\ImgStart.exe

Iomega Drive Icons = C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

iTunesHelper = "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

RemoteControl = "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

InCD = C:\Arquivos de programas\Ahead\InCD\InCD.exe

NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

MSMSGS = "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

Iomega Active Disk = C:\Arquivos de programas\Iomega\AutoDisk\AD2KClient.exe

popbanner = C:\Arquivos de programas\POPDiscador\POPDiscador.exe --banner

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=C:\TBridge\FLATBED.EXE

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe

SCRNSAVE.EXE=

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Editor do Registro'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\System32\nwprovau.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

Protocol #25: C:\WINDOWS\system32\mswsock.dll

Protocol #26: C:\WINDOWS\system32\mswsock.dll

Protocol #27: C:\WINDOWS\system32\mswsock.dll

Protocol #28: C:\WINDOWS\system32\mswsock.dll

Protocol #29: C:\WINDOWS\system32\mswsock.dll

Protocol #30: C:\WINDOWS\system32\mswsock.dll

Protocol #31: C:\WINDOWS\system32\mswsock.dll

Protocol #32: C:\WINDOWS\system32\mswsock.dll

Protocol #33: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Serviço auxiliar IPv6: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

Ambiente de suporte a redes AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerta: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

Serviço 'Gateway de camada de aplicativo': %SystemRoot%\System32\alg.exe (manual start)

AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)

Gerenciamento de aplicativo: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Driver de mídia assíncrona RAS: System32\DRIVERS\asyncmac.sys (manual start)

Controlador de disco rígido padrão IDE/ESDI: System32\DRIVERS\atapi.sys (system)

Protocolo de cliente ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)

Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de fragmento de código de áudio: System32\DRIVERS\audstub.sys (manual start)

AVG7 Alert Manager Server: C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)

AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)

AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)

AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)

AVG7 Update Service: C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)

AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)

Serviço de transferência inteligente de plano de fundo: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Localizador de computadores: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de CD-ROM: System32\DRIVERS\cdrom.sys (system)

Serviço de indexação: %SystemRoot%\system32\cisvc.exe (manual start)

Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (disabled)

C-Media PCI Audio Driver (WDM): system32\drivers\cmaudio.sys (manual start)

Aplicativo de sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Crypkey License: crypserv.exe (autostart)

Serviços de criptografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Inicializador de Processo de Servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Cliente DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de disco: System32\DRIVERS\disk.sys (system)

Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Gerenciador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

Cliente DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Erro ao informar o serviço: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Log de eventos: %SystemRoot%\system32\services.exe (autostart)

Sistema de eventos COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

ewido security suite control: C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe (autostart)

ewido security suite driver: \??\C:\Arquivos de programas\ewido anti-malware\guard.sys (system)

ewido security suite guard: C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe (autostart)

Compatibilidade com 'Troca rápida de usuário': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de controlador de disquete: System32\DRIVERS\fdc.sys (manual start)

Driver de disquete: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Enumerador de portas de jogos: system32\DRIVERS\gameenum.sys (manual start)

GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)

Classificador genérico de pacotes: System32\DRIVERS\msgpc.sys (manual start)

Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Acesso a dispositivo de interface humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i386p: \??\C:\WINDOWS\system32\drivers\i386p.sys (system)

Teclado i8042 e driver de porta de mouse PS/2: System32\DRIVERS\i8042prt.sys (system)

Driver de filtro de criação de CDs: System32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)

InCDPass: System32\DRIVERS\InCDPass.sys (system)

InCD Helper: C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe (autostart)

IntelC51: system32\DRIVERS\IntelC51.sys (manual start)

Intel® 537 Data Fax Voice V.92 Modem: system32\DRIVERS\IntelC52.sys (manual start)

IntelC53: system32\DRIVERS\IntelC53.sys (manual start)

Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)

Iomega Activity Disk2: "C:\ARQUIV~1\Iomega\System32\ActivityDisk.exe" (autostart)

Driver de IPv6 do Firewall do Windows: system32\drivers\ip6fw.sys (manual start)

Driver de filtro de tráfego IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Driver de encapsulamento IP em IP: System32\DRIVERS\ipinip.sys (manual start)

Conversor de endereços de rede IP: System32\DRIVERS\ipnat.sys (manual start)

iPod Service: "C:\Arquivos de programas\iPod\bin\iPodService.exe" (manual start)

Driver IPSEC: System32\DRIVERS\ipsec.sys (system)

Serviço enumerador IR: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Dritek Keyboard Filter Driver: System32\Drivers\KBFiltr.SYS (autostart)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Servidor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Estação de trabalho: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Auxiliar NetBIOS TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Mensageiro: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Compartilhamento remoto da área de trabalho do NetMeeting

: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Dispositivo de filtro de fluxo unimodem: system32\drivers\MODEMCSA.sys (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

Redirecionador do cliente WebDav: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Coordenador de transações distribuídas: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)

Driver de BIOS de Gerenciamento de Sistema Microsoft: System32\DRIVERS\mssmbios.sys (manual start)

Driver TAPI NDIS de acesso remoto: System32\DRIVERS\ndistapi.sys (manual start)

Protocolo de modo de usuário E/S em dispositivos NDIS: System32\DRIVERS\ndisuio.sys (manual start)

Driver de rede remota NDIS de acesso remoto: System32\DRIVERS\ndiswan.sys (manual start)

Interface NetBIOS: System32\DRIVERS\netbios.sys (system)

NetBios em Tcpip: System32\DRIVERS\netbt.sys (system)

DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

Logon de rede: %SystemRoot%\System32\lsass.exe (manual start)

Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NetworkX: \SystemRoot\system32\ckldrv.sys (system)

Reconhecimento de local da rede (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de monitor de rede: system32\DRIVERS\NMnt.sys (manual start)

Norton Unerase Protection Driver: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS (manual start)

Norton Unerase Protection: C:\Arquivos de programas\Norton Utilities\NPROTECT.EXE (autostart)

Fornecedor de suporte de segurança NT LM: %SystemRoot%\System32\lsass.exe (manual start)

Armazenamento removível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: System32\DRIVERS\nv4_mini.sys (manual start)

NVIDIA Driver Helper Service: %SystemRoot%\system32\nvsvc32.exe (autostart)

Driver de filtro de tráfego IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Driver encaminhador de tráfego IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível: system32\DRIVERS\nwlnkipx.sys (autostart)

NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)

Protocolo NWLink SPX/SPXII: system32\DRIVERS\nwlnkspx.sys (autostart)

Agente SAP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PCIIde: System32\DRIVERS\pciide.sys (system)

Padus ASPI Shell: system32\drivers\pfc.sys (manual start)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Serviços IPSEC: %SystemRoot%\System32\lsass.exe (autostart)

Iomega Parallel Port Legacy Filter Driver: system32\DRIVERS\ppa3.sys (system)

Miniporta de rede remota (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)

Agendador de pacotes QoS: System32\DRIVERS\psched.sys (manual start)

Driver de link paralelo direto: System32\DRIVERS\ptilink.sys (manual start)

Driver de conexão automática de acesso remoto: System32\DRIVERS\rasacd.sys (system)

Gerenciador de conexão de acesso remoto automático: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Miniporta de rede remota (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Gerenciador de conexão de acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver PPPOE de acesso remoto: System32\DRIVERS\raspppoe.sys (manual start)

Paralelo direto: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Driver redirecionador de dispositivos doTerminal Server: System32\DRIVERS\rdpdr.sys (manual start)

Gerenciador de sessão de ajuda de área de trabalho remota: C:\WINDOWS\system32\sessmgr.exe (manual start)

Driver de filtro de reprodução de áudio digital de CD: System32\DRIVERS\redbook.sys (system)

Roteamento e acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)

Alocador Remote Procedure Call (RPC): %SystemRoot%\System32\locator.exe (manual start)

Chama de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)

Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)

Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)

Agendador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Logon secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Detecção do hardware do shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SiS AGP Filter: System32\DRIVERS\sisagp.sys (system)

Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)

Speed Disk service: C:\Arquivos de programas\Speed Disk\nopdb.exe (autostart)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)

Driver de filtro de restauração do sistema: \SystemRoot\System32\DRIVERS\sr.sys (disabled)

Serviço de restauração do sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Serviço de descoberta SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Assistente de aquisição de imagens do Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{5320AB21-6A9D-454F-832F-A32FBA4C2646} (manual start)

SymEvent: \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)

Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip6.sys (system)

Driver de dispositivo de terminal: System32\DRIVERS\termdd.sys (system)

Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)

Cliente de rastreamento de link distribuído: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Host de dispositivo Plug and Play universal: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)

USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Controlador de vídeo VGA.: \SystemRoot\System32\drivers\vga.sys (system)

Cópia de volume em memória: %SystemRoot%\System32\vssvc.exe (manual start)

Horário do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver ARP IP de acesso remoto: System32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

Cliente da Web: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Testador de instrumentação de gerenciam. do Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Serviço de Número de Série de Mídia Portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Adaptador de desempenho WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Central de Segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Atualizações automáticas: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)

Configuração zero sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Serviço de Configuração de Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 34.885 bytes

Report generated in 0,188 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Compartilhar este post


Link para o post
Compartilhar em outros sites

Abra o bloco de notas e cole o que está dentro do quote:

@echo off

sc config i386p start= disabled

sc stop i386p

sc delete i386p

attrib -s -r C:\WINDOWS\system32\drivers\i386p.sys

del C:\WINDOWS\system32\drivers\i386p.sys

Salve o arquivo com o nome de remove.bat e execute-o.

Reinicie o PC em modo de segurança.

Rode o Ewido e salve o relatório do scan.

Reinicie o computador.

Cole o resultado do scan do Ewido junto com um novo log do Startup List (com as duas caixas marcadas).

Compartilhar este post


Link para o post
Compartilhar em outros sites

---------------------------------------------------------

ewido anti-malware - Relatório de verificação

---------------------------------------------------------

+ Criado em: 01:26:56, 8/1/2006

+ Relatório-Checksum: 6355782E

+ Resultado da verificação:

C:\Arquivos de programas\Discador Terra\tdd.exe -> Heuristic.Win32.Dialer : Ignorado

C:\RECYCLER\NPROTECT\00035839.exe -> Heuristic.Win32.Dialer : Ignorado

C:\Documents and Settings\Nando\Cookies\nando@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Limpo com backup

::Fim do Relatório

StartupList report, 8/1/2006, 01:29:42

StartupList version: 1.52.2

Started from : C:\HijackThis\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\TBridge\FLATBED.EXE

C:\WINDOWS\Mixer.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Discador Terra\tdd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Iomega\AutoDisk\AD2KClient.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\crypserv.exe

C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe

C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe

C:\ARQUIV~1\Iomega\System32\ActivityDisk.exe

C:\Arquivos de programas\Norton Utilities\NPROTECT.EXE

C:\Arquivos de programas\Speed Disk\nopdb.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Nando\Menu Iniciar\Programas\Inicializar]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]

*No files*

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

C-Media Mixer = Mixer.exe /startup

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

AVG7_CC = C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

AVG7_EMC = C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

Iomega Startup Options = C:\Arquivos de programas\Iomega\Common\ImgStart.exe

Iomega Drive Icons = C:\Arquivos de programas\Iomega\DriveIcons\ImgIcon.exe

iTunesHelper = "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

RemoteControl = "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

InCD = C:\Arquivos de programas\Ahead\InCD\InCD.exe

NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe

tdd = "C:\Arquivos de programas\Discador Terra\tdd.exe" -F

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

MSMSGS = "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

Iomega Active Disk = C:\Arquivos de programas\Iomega\AutoDisk\AD2KClient.exe

popbanner = C:\Arquivos de programas\POPDiscador\POPDiscador.exe --banner

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=C:\TBridge\FLATBED.EXE

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe

SCRNSAVE.EXE=

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Editor do Registro'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\System32\nwprovau.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

Protocol #25: C:\WINDOWS\system32\mswsock.dll

Protocol #26: C:\WINDOWS\system32\mswsock.dll

Protocol #27: C:\WINDOWS\system32\mswsock.dll

Protocol #28: C:\WINDOWS\system32\mswsock.dll

Protocol #29: C:\WINDOWS\system32\mswsock.dll

Protocol #30: C:\WINDOWS\system32\mswsock.dll

Protocol #31: C:\WINDOWS\system32\mswsock.dll

Protocol #32: C:\WINDOWS\system32\mswsock.dll

Protocol #33: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Serviço auxiliar IPv6: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

Ambiente de suporte a redes AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerta: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

Serviço 'Gateway de camada de aplicativo': %SystemRoot%\System32\alg.exe (manual start)

AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)

Gerenciamento de aplicativo: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Driver de mídia assíncrona RAS: System32\DRIVERS\asyncmac.sys (manual start)

Controlador de disco rígido padrão IDE/ESDI: System32\DRIVERS\atapi.sys (system)

Protocolo de cliente ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)

Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de fragmento de código de áudio: System32\DRIVERS\audstub.sys (manual start)

AVG7 Alert Manager Server: C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)

AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)

AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)

AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)

AVG7 Update Service: C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)

AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)

Serviço de transferência inteligente de plano de fundo: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Localizador de computadores: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de CD-ROM: System32\DRIVERS\cdrom.sys (system)

Serviço de indexação: %SystemRoot%\system32\cisvc.exe (manual start)

Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (disabled)

C-Media PCI Audio Driver (WDM): system32\drivers\cmaudio.sys (manual start)

Aplicativo de sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Crypkey License: crypserv.exe (autostart)

Serviços de criptografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Inicializador de Processo de Servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Cliente DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver de disco: System32\DRIVERS\disk.sys (system)

Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Gerenciador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

Cliente DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Erro ao informar o serviço: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Log de eventos: %SystemRoot%\system32\services.exe (autostart)

Sistema de eventos COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

ewido security suite control: C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe (autostart)

ewido security suite driver: \??\C:\Arquivos de programas\ewido anti-malware\guard.sys (system)

ewido security suite guard: C:\Arquivos de programas\ewido anti-malware\ewidoguard.exe (autostart)

Compatibilidade com 'Troca rápida de usuário': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de controlador de disquete: System32\DRIVERS\fdc.sys (manual start)

Driver de disquete: System32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Enumerador de portas de jogos: system32\DRIVERS\gameenum.sys (manual start)

GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)

Classificador genérico de pacotes: System32\DRIVERS\msgpc.sys (manual start)

Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Acesso a dispositivo de interface humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

Teclado i8042 e driver de porta de mouse PS/2: System32\DRIVERS\i8042prt.sys (system)

Driver de filtro de criação de CDs: System32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)

InCDPass: System32\DRIVERS\InCDPass.sys (system)

InCD Helper: C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe (autostart)

IntelC51: system32\DRIVERS\IntelC51.sys (manual start)

Intel® 537 Data Fax Voice V.92 Modem: system32\DRIVERS\IntelC52.sys (manual start)

IntelC53: system32\DRIVERS\IntelC53.sys (manual start)

Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)

Iomega Activity Disk2: "C:\ARQUIV~1\Iomega\System32\ActivityDisk.exe" (autostart)

Driver de IPv6 do Firewall do Windows: system32\drivers\ip6fw.sys (manual start)

Driver de filtro de tráfego IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Driver de encapsulamento IP em IP: System32\DRIVERS\ipinip.sys (manual start)

Conversor de endereços de rede IP: System32\DRIVERS\ipnat.sys (manual start)

iPod Service: "C:\Arquivos de programas\iPod\bin\iPodService.exe" (manual start)

Driver IPSEC: System32\DRIVERS\ipsec.sys (system)

Serviço enumerador IR: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Dritek Keyboard Filter Driver: System32\Drivers\KBFiltr.SYS (autostart)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Servidor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Estação de trabalho: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Auxiliar NetBIOS TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Mensageiro: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Compartilhamento remoto da área de trabalho do NetMeeting

: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Dispositivo de filtro de fluxo unimodem: system32\drivers\MODEMCSA.sys (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

Redirecionador do cliente WebDav: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Coordenador de transações distribuídas: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)

Driver de BIOS de Gerenciamento de Sistema Microsoft: System32\DRIVERS\mssmbios.sys (manual start)

Driver TAPI NDIS de acesso remoto: System32\DRIVERS\ndistapi.sys (manual start)

Protocolo de modo de usuário E/S em dispositivos NDIS: System32\DRIVERS\ndisuio.sys (manual start)

Driver de rede remota NDIS de acesso remoto: System32\DRIVERS\ndiswan.sys (manual start)

Interface NetBIOS: System32\DRIVERS\netbios.sys (system)

NetBios em Tcpip: System32\DRIVERS\netbt.sys (system)

DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)

Logon de rede: %SystemRoot%\System32\lsass.exe (manual start)

Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NetworkX: \SystemRoot\system32\ckldrv.sys (system)

Reconhecimento de local da rede (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de monitor de rede: system32\DRIVERS\NMnt.sys (manual start)

Norton Unerase Protection Driver: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS (manual start)

Norton Unerase Protection: C:\Arquivos de programas\Norton Utilities\NPROTECT.EXE (autostart)

Fornecedor de suporte de segurança NT LM: %SystemRoot%\System32\lsass.exe (manual start)

Armazenamento removível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: System32\DRIVERS\nv4_mini.sys (manual start)

NVIDIA Driver Helper Service: %SystemRoot%\system32\nvsvc32.exe (autostart)

Driver de filtro de tráfego IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Driver encaminhador de tráfego IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível: system32\DRIVERS\nwlnkipx.sys (autostart)

NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)

Protocolo NWLink SPX/SPXII: system32\DRIVERS\nwlnkspx.sys (autostart)

Agente SAP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PCIIde: System32\DRIVERS\pciide.sys (system)

Padus ASPI Shell: system32\drivers\pfc.sys (manual start)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Serviços IPSEC: %SystemRoot%\System32\lsass.exe (autostart)

Iomega Parallel Port Legacy Filter Driver: system32\DRIVERS\ppa3.sys (system)

Miniporta de rede remota (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)

Agendador de pacotes QoS: System32\DRIVERS\psched.sys (manual start)

Driver de link paralelo direto: System32\DRIVERS\ptilink.sys (manual start)

Driver de conexão automática de acesso remoto: System32\DRIVERS\rasacd.sys (system)

Gerenciador de conexão de acesso remoto automático: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Miniporta de rede remota (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Gerenciador de conexão de acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver PPPOE de acesso remoto: System32\DRIVERS\raspppoe.sys (manual start)

Paralelo direto: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Driver redirecionador de dispositivos doTerminal Server: System32\DRIVERS\rdpdr.sys (manual start)

Gerenciador de sessão de ajuda de área de trabalho remota: C:\WINDOWS\system32\sessmgr.exe (manual start)

Driver de filtro de reprodução de áudio digital de CD: System32\DRIVERS\redbook.sys (system)

Roteamento e acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)

Alocador Remote Procedure Call (RPC): %SystemRoot%\System32\locator.exe (manual start)

Chama de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)

Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)

Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)

Agendador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Logon secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Detecção do hardware do shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SiS AGP Filter: System32\DRIVERS\sisagp.sys (system)

Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)

Speed Disk service: C:\Arquivos de programas\Speed Disk\nopdb.exe (autostart)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)

Driver de filtro de restauração do sistema: System32\DRIVERS\sr.sys (system)

Serviço de restauração do sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Serviço de descoberta SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Assistente de aquisição de imagens do Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{5320AB21-6A9D-454F-832F-A32FBA4C2646} (manual start)

SymEvent: \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver de protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)

Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip6.sys (system)

Driver de dispositivo de terminal: System32\DRIVERS\termdd.sys (system)

Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)

Cliente de rastreamento de link distribuído: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Host de dispositivo Plug and Play universal: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)

USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Controlador de vídeo VGA.: \SystemRoot\System32\drivers\vga.sys (system)

Cópia de volume em memória: %SystemRoot%\System32\vssvc.exe (manual start)

Horário do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver ARP IP de acesso remoto: System32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

Cliente da Web: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Testador de instrumentação de gerenciam. do Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Serviço de Número de Série de Mídia Portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Adaptador de desempenho WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Central de Segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Atualizações automáticas: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)

Configuração zero sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Serviço de Configuração de Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 34.888 bytes

Report generated in 0,188 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Compartilhar este post


Link para o post
Compartilhar em outros sites

Usei o Clean Desktop e sumiu a mensagem...

Pergunta: Será que realmente eu estava com um spyware? ou era só a tela ou residuo ??? o meu medo é ter sumido a tela e eu continuar infectados ter somente limpado a tela....

Qual e quantos antispy você usa? e antivirus???são gratis???

eu usava o AVG com o microsoft antispyware..só que expirou o antispyware em 31/12 ai que eu peguei o spyware...

Um grande abraço e obrigado pela ajuda amigo...

tchui

Compartilhar este post


Link para o post
Compartilhar em outros sites
Entre para seguir isso  





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×