Trojan Horse




  #1  
March 25, 2008, 08:58
New Members Group

Trojan Horse

Hello,

I have a problem with a Trojan Horse.
The warning message is
'C:\windows\system32\crypt32n.dll Trojan Horse BHO.CVX'

I have AVG, and running it identifies this file, which it moves to the vault, but on re-boot it is there again.
I tried deleting the file in Windows, which failed.
I tried renaming it in Windows (with a view to deleting it), which failed.
I tried going back and resetting my PC, but I cannot go back beyond the start of the month, and I had already seen this before Christmas.
My PC seems to be OK, but I am still worried that I have a virus!

Is there anything I can do?
Help much appreciated

Regards

Ian A
  #2  
March 25, 2008, 10:47
Moderator Group

Trojan Horse

Welcome to CJ.

Download and rename HijackThis (HJT)
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click on HijackThis.exe and select Rename.
    • Type sniper.exe and press Enter.
    • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
  • Open HijackThis from the desktop.
  • If you are using Windows Vista, right-click and Run as administrator.
  • Click on the Do a system scan and save a logfile button.
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Although we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

  #3  
March 25, 2008, 14:33
New Members Group

Trojan Horse

Hi Evil Fantansy

I tried this at the start of the month; here is the log.

Hopefully this means something to you.

My fingers are crossed.

Ta, Ian A

StartupList relatório, 05/03/2008, 14:49:42
StartupList versão: 1.52.2
Começar a partir de: C: \ Documents and Settings \ Iana \ Desktop \ HijackThis.EXE
Detectado: Windows XP SP2 (WinNT 5/01/2600)
Detectado: Internet Explorer v7.00 (7.00.6000.16608)
* Utilizar opções predefinidas
* Incluindo os vazios e desinteressantes seções
* Afixação raramente importante seções
==========================================
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ brsvc01a.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe
C: \ WINDOWS \ system32 \ TPSMain.exe
C: \ Program Files \ Synaptics \ SynTP \ Toshiba.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ NDSTray.exe
C: \ WINDOWS \ system32 \ TPSBattM.exe
C: \ Program Files \ TOSHIBA \ TOSHIBA Zoom Utility \ SmoothView.exe
C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe
C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSServ.exe
C: \ Program Files \ Atheros \ ACU.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ avgas.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFXFER.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe
C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ FinePixViewer \ QuickDCF.exe
C: \ Documents and Settings \ Iana \ Desktop \ HijackThis.exe
--------------------------------------------------
Listagem de inicialização pastas:
Shell pastas Startup:
[C: \ Documents and Settings \ Iana \ Menu Iniciar \ Programas \ Inicializar]
* Nenhum arquivo *
Shell pastas AltStartup:
* Folder not found *
User shell pastas Startup:
* Folder not found *
User shell pastas AltStartup:
* Folder not found *
Shell pastas Startup comum:
[C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Inicializar]
Exif Launcher.lnk = C: \ Program Files \ FinePixViewer \ QuickDCF.exe
Microsoft Office.lnk = C: \ Arquivos de Programas \ Microsoft Office \ Office \ OSA9.exe
Shell pastas Comum AltStartup:
* Folder not found *
User shell pastas Startup comum:
* Folder not found *
User shell pastas Comum Inicialização Alternativo:
* Folder not found *
--------------------------------------------------
Verificando o Windows NT UserInit:
[HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
UserInit = C: \ WINDOWS \ system32 \ userinit.exe,
[HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Win logon]
* Tecla Registro não encontrado *
[HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
* Valor do Registro não encontrado *
[HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Win logon]
* Tecla Registro não encontrado *
--------------------------------------------------
Autorun entradas de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
SynTPEnh = C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
Toshiba Hotkey Utility = "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" / lang en
TPSMain = TPSMain.exe
NDSTray.exe = NDSTray.exe
SmoothView = C: \ Program Files \ TOSHIBA \ TOSHIBA Zoom Utility \ SmoothView.exe
PadTouch = C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe
DLA = C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE
CFSServ.exe = CFSServ.exe-NoClient
REGSHAVE = C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN
ACU = "C: \ Program Files \ Atheros \ ACU.exe"-nogui
TkBellExe = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
QuickTime Task = "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
! AVG Anti-Spyware = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ avgas.exe" / minimizada
AVG7_CC = C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
SunJavaUpdateSched = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
Salestart = "C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; ad = http://avsystemcare.com
Adobe Reader Speed Launcher = "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
OpwareSE2 = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe"
OPSE lembrete = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe"-r "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ ereg.ini"
--------------------------------------------------
Autorun entradas de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Depois
* Não valores encontrados *
--------------------------------------------------
Autorun entradas de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx
* Não valores encontrados *
--------------------------------------------------
Autorun entradas de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Services
* Não valores encontrados *
--------------------------------------------------
Autorun entradas de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce
* Não valores encontrados *
--------------------------------------------------
Autorun entradas de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
TOSCDSPD = C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe
ctfmon.exe = C: \ WINDOWS \ system32 \ ctfmon.exe
PnPUI Registrator = C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe-s
MSMSGS = "C: \ Program Files \ Messenger \ msmsgs.exe" / background
--------------------------------------------------
Autorun entradas de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Depois
* Não valores encontrados *
--------------------------------------------------
Autorun entradas de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx
* Não valores encontrados *
--------------------------------------------------
Autorun entradas de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Services
* Não valores encontrados *
--------------------------------------------------
Autorun entradas de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce
* Não valores encontrados *
--------------------------------------------------
Autorun entradas de registo:
HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run
* Tecla Registro não encontrado *
--------------------------------------------------
Autorun entradas de registo:
HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run
* Tecla Registro não encontrado *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
[OptionalComponents]
=
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Depois
[Setup]
* Não valores encontrados *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx
* Não subchaves encontrado *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Services
* Não subchaves encontrado *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce
* Não subchaves encontrado *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
* Não subchaves encontrado *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Depois
[configuração]
* Não valores encontrados *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx
* Não subchaves encontrado *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Services
* Não subchaves encontrado *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce
* Não subchaves encontrado *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run
* Tecla Registro não encontrado *
--------------------------------------------------
Autorun entradas em subchaves de registo:
HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run
* Tecla Registro não encontrado *
--------------------------------------------------
Associação de arquivos de entrada. EXE:
HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command
(Default) = "% 1"% *
--------------------------------------------------
Associação de arquivos de entrada. COM:
HKEY_CLASSES_ROOT \ comfile \ shell \ open \ command
(Default) = "% 1"% *
--------------------------------------------------
Associação de arquivos de entrada. MTD:
HKEY_CLASSES_ROOT \ batfile \ shell \ open \ command
(Default) = "% 1"% *
--------------------------------------------------
Associação de arquivos de entrada. PIF:
HKEY_CLASSES_ROOT \ piffile \ shell \ open \ command
(Default) = "% 1"% *
--------------------------------------------------
Associação de arquivos de entrada. SCR:
HKEY_CLASSES_ROOT \ scrfile \ shell \ open \ command
(Default) = "% 1" / S
--------------------------------------------------
Associação de arquivos de entrada. HTA:
HKEY_CLASSES_ROOT \ htafile \ shell \ open \ command
(Default) = C: \ WINDOWS \ system32 \ Mshta.exe "% 1"% *
--------------------------------------------------
Associação de arquivos de entrada. TXT:
HKEY_CLASSES_ROOT \ NetLog.Document \ shell \ open \ vírgula nd
(Default) = C: \ EPICOM ~ 1/02 \ EPICom2.02 \ EPICOM ~ 1.EXE / DDE
--------------------------------------------------
Enumerando Active Setup stub caminhos:
HKLM \ Software \ Microsoft \ Active Setup \ Installed Components
(* = Desativado por HKCU twin)
[<(12d0ed0d-0ee0-4f90-8827-78cefb8f4988)] *
StubPath = C: \ WINDOWS \ system32 \ ieudinit.exe
[> (22d6f312-b0f6-11d0-94ab-0080c74c7e95)]
StubPath = C: \ WINDOWS \ inf \ Unregmp2.exe / ShowWMP
[> (26923b43-4d38-484f-9b9e-de460746276c)] *
StubPath = C: \ WINDOWS \ system32 \ ie4uinit.exe-UserIconConfig
[> (881dd1c5-3dcf-431b-b061-f3f88e8be88a)] *
StubPath =% systemroot% \ system32 \ Shmgrate.exe OCInstallUserConfigOE
[(2C7339CF-2B09-4501-B3F3-F3508C9228ED)] *
StubPath =% SystemRoot% \ system32 \ regsvr32.exe / s / n / i: / UserInstall% SystemRoot% \ system32 \ themeui.dll
[(44BBA840-CC51-11CF-AAFA-00AA00B6015C)] *
StubPath = "% ProgramFiles% \ Outlook Express \ setup50.exe" / APP: OE / CHAMADORA: WINNT / user / install
[(7790769C-0471-11d2-AF11-00C04FA35D02)] *
StubPath = "% ProgramFiles% \ Outlook Express \ setup50.exe" / APP: WAB / CHAMADORA: WINNT / user / install
[(89820200-ECBD-11cf-8B85-00AA005B4340)] *
StubPath = regsvr32.exe / s / n / i: U shell32.dll
[(89820200-ECBD-11cf-8B85-00AA005B4383)] *
StubPath = C: \ WINDOWS \ system32 \ ie4uinit.exe-BaseSettings
--------------------------------------------------
Enumerando ICQ Agent Autostart apps:
HKCU \ Software \ mirabilis \ ICQ \ Agent \ Apps
* Tecla Registro não encontrado *
--------------------------------------------------
Carga / Executar chaves de C: \ WINDOWS \ WIN.INI:
load =* INI secção não encontrado *
run =* INI secção não encontrado *
Carga / chaves Run do registo:
HKLM \ .. \ Windows NT \ CurrentVersion \ WinLogon: load =* Registry valor não encontrado *
HKLM \ .. \ Windows NT \ CurrentVersion \ WinLogon: run =* Registry valor não encontrado *
HKLM \ .. \ Windows \ CurrentVersion \ WinLogon: load =* Registry Key não encontrado *
HKLM \ .. \ Windows \ CurrentVersion \ WinLogon: run =* Registry Key não encontrado *
HKCU \ .. \ Windows NT \ CurrentVersion \ WinLogon: load =* Registry valor não encontrado *
HKCU \ .. \ Windows NT \ CurrentVersion \ WinLogon: run =* Registry valor não encontrado *
HKCU \ .. \ Windows \ CurrentVersion \ WinLogon: load =* Registry Key não encontrado *
HKCU \ .. \ Windows \ CurrentVersion \ WinLogon: run =* Registry Key não encontrado *
HKCU \ .. \ Windows NT \ CurrentVersion \ Windows: load =
HKCU \ .. \ Windows NT \ CurrentVersion \ Windows: run =* Registry valor não encontrado *
HKLM \ .. \ Windows NT \ CurrentVersion \ Windows: load =* Registry valor não encontrado *
HKLM \ .. \ Windows NT \ CurrentVersion \ Windows: run =* Registry valor não encontrado *
HKLM \ .. \ Windows NT \ CurrentVersion \ Windows: AppInit_DLLs =
--------------------------------------------------
Shell & screensaver tecla de C: \ WINDOWS \ SYSTEM.INI:
Shell =* INI secção não encontrado *
SCRNSAVE.EXE =* INI secção não encontrado *
drivers =* INI secção não encontrado *
Shell & screensaver chave de registo:
Shell = Explorer.exe
SCRNSAVE.EXE = C: \ WINDOWS \ system32 \ Logon.scr
drivers =* Registry valor não encontrado *
Políticas Shell chave:
HKCU \ .. \ Policies: Shell =* Registry valor não encontrado *
HKLM \ .. \ Policies: Shell =* Registry valor não encontrado *
--------------------------------------------------
Verificando EXPLORER.EXE instances:
C: \ WINDOWS \ Explorer.exe: PRESENT!
C: \ Explorer.exe: não apresentar
C: \ WINDOWS \ Explorer \ Explorer.exe: não apresentar
C: \ WINDOWS \ System \ Explorer.exe: não apresentar
C: \ WINDOWS \ System32 \ Explorer.exe: não apresentar
C: \ WINDOWS \ Command \ Explorer.exe: não apresentar
C: \ WINDOWS \ Fonts \ Explorer.exe: não apresentar
--------------------------------------------------
Verificado para superhidden extensões:
. lnk: HIDDEN! (arrow overlay: yes)
. pif: HIDDEN! (arrow overlay: yes)
. exe: não oculta
. com: não oculta
. morcego: não oculta
. hta: não oculta
. scr: não oculta
. shs: HIDDEN!
. shb: HIDDEN!
. vbs: não oculta
. vbe: não oculta
. wsh: não oculta
. scf: HIDDEN! (arrow overlay: NO!)
. url: HIDDEN! (arrow overlay: yes)
. js: não oculta
. jse: não oculta
--------------------------------------------------
Verificando REGEDIT.EXE integridade:
- Regedit.exe encontrados em C: \ WINDOWS
-. Reg abrir comando é normal (regedit.exe% 1)
- Nome da empresa OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE "
- File description: 'Registry Editor'
Secretaria verificar passou
--------------------------------------------------
Enumerando Browser Helper Objects:
(sem nome) - c: \ windows \ system32 \ athcfg11c.dll (file missing) - (51610169-C280-4F36-84AB-82D92ED1F68B)
(sem nome) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43)
(sem nome) - c: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll - (AA58ED58-01DD-4d91-8333-CF10577473F7)
(sem nome) - C: \ WINDOWS \ system32 \ crypt32n.dll - (EA389261-1100-451F-8582-815CAB488AE6)
--------------------------------------------------
Enumerando Task Scheduler empregos:
AppleSoftwareUpdate.job
At1.job
O Norton Security Scan.job
RegCure Programa Check.job
RegCure.job
--------------------------------------------------
Enumerando Download Program Files:
[Microsoft XML Parser para Java]
CODEBASE = file: / / / C: / WINDOWS / Java / classes / xmldso.cab
OSD = C: \ WINDOWS \ Downloaded Program Files \ Microsoft XML Parser para Java.osd
[iPIX ActiveX Control]
InProcServer32 = C: \ WINDOWS \ downlo ~ 1 \ ipixx.ocx
CODEBASE = http://www.ipix.com/download/ipixx.cab
[Shockwave ActiveX Control]
InProcServer32 = C: \ WINDOWS \ system32 \ Macromed \ Director \ SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get...irector/sw.cab
[MUWebControl Class]
InProcServer32 = C: \ WINDOWS \ system32 \ muweb.dll
CODEBASE = http://www.update.microsoft.com/micr...?1197453622703
[Java Plug-in 1.6.0_05]
InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
CODEBASE = http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
[(8FFBE65D-2C9C-4669-84BD-5829DC0B603C)]
CODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab
[a-squared Scanner]
InProcServer32 = C: \ WINDOWS \ downlo ~ 1 \ asquared.ocx
CODEBASE = http://ax.emsisoft.com/asquared.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
[Java Plug-in 1.5.0_11]
InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
[Java Plug-in 1.6.0_03]
InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
[Java Plug-in 1.6.0_05]
InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
[Java Plug-in 1.6.0_05]
InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ npjpi160_05.dll
CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C: \ WINDOWS \ system32 \ Macromed \ Flash \ Flash9e.ocx
CODEBASE = http://fpdownload2.macromedia.com/ge...sh/swflash.cab
--------------------------------------------------
Enumera os ficheiros Winsock LSP:
NameSpace # 1: C: \ WINDOWS \ System32 \ mswsock.dll
NameSpace # 2: C: \ WINDOWS \ System32 \ winrnr.dll
NameSpace # 3: C: \ WINDOWS \ System32 \ mswsock.dll
NameSpace # 4: C: \ WINDOWS \ System32 \ nwprovau.dll
Protocolo n º 1: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo n º 2: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo n º 3: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo n º 4: C: \ WINDOWS \ system32 \ rsvpsp.dll
Protocolo n º 5: C: \ WINDOWS \ system32 \ rsvpsp.dll
Protocolo n º 6: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo n º 7: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo n º 8: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 9: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo n º 10: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 11: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 12: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 13: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo n º 14: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo n º 15: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 16: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 17: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 18: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 19: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 20: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 21: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 22: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 23: C: \ WINDOWS \ system32 \ mswsock.dll
Protocolo # 24: C: \ WINDOWS \ system32 \ mswsock.dll
--------------------------------------------------
Enumera os serviços Windows NT/2000/XP
Microsoft ACPI Driver: system32 \ DRIVERS \ Acpi.sys (sistema)
Microsoft Embedded Controller Driver: system32 \ DRIVERS \ ACPIEC.sys (sistema)
Atheros Configuration Service: C: \ WINDOWS \ system32 \ acs.exe (automático)
Microsoft Kernel Acoustic Echo Canceller: system32 \ drivers \ aec.sys (manual start)
AFD: \ SystemRoot \ System32 \ drivers \ Afd.sys (sistema)
Alerta:% SystemRoot% \ system32 \ svchost.exe-k LocalService (deficientes)
Application Layer Gateway Service:% SystemRoot% \ System32 \ alg.exe (manual start)
Application Management:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manual start)
Atheros Wireless Network Adapter Service: system32 \ DRIVERS \ ar5211.sys (manual start)
ASP.NET Estado Service:% SystemRoot% \ Microsoft.NET \ Framework \ v1.1.4322 \ asp net_state.exe (manual start)
RAS assíncrona Media Driver: system32 \ DRIVERS \ asyncmac.sys (manual start)
Standard IDE / ESDI Hard Disk Controller: system32 \ DRIVERS \ atapi.sys (sistema)
Ati HotKey Poller:% SystemRoot% \ system32 \ Ati2evxx.exe (automático)
ati2mtag: system32 \ DRIVERS \ ati2mtag.sys (manual start)
Cliente protocolo ATM ARP: system32 \ DRIVERS \ atmarpc.sys (manual start)
Áudio do Windows:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Audio Stub Driver: system32 \ DRIVERS \ audstub.sys (manual start)
AVG Anti-Spyware Driver: \? \ C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ guard.sys (sistema)
AVG Anti-Spyware Guard: C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ guard.exe (automático)
AVG7 Alert Manager Server: C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe (automático)
AVG7 Kernel: \ SystemRoot \ System32 \ Drivers \ avg7core.sys (sistema)
AVG7 Wrap Driver: \ SystemRoot \ System32 \ Drivers \ avg7rsw.sys (sistema)
AVG7 Resident Driver XP: \ SystemRoot \ System32 \ Drivers \ avg7rsxp.sys (sistema)
AVG7 Update Service: C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe (automático)
AVG Anti-Spyware Clean Driver: System32 \ DRIVERS \ AvgAsCln.sys (sistema)
AVG7 Clean Driver: \ SystemRoot \ System32 \ Drivers \ avgclean.sys (sistema)
Background Intelligent Transfer Service:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
Acesso 32bits INT15 rotina: system32 \ drivers \ BoiHwSetup.sys (manual start)
BrSplService: C: \ WINDOWS \ system32 \ brsvc01a.exe (automático)
Computer Browser:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
Logical Disk Manager Monitor:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Conexant AMC 3D Ambiental Audio: system32 \ drivers \ camc6aud.sys (manual start)
CAMCHALA: system32 \ drivers \ camc6hal.sys (manual start)
CD-ROM Driver: system32 \ DRIVERS \ cdrom.sys (sistema)
ConfigFree Service: C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe (automático)
Serviço de indexação:% SystemRoot% \ system32 \ cisvc.exe (manual start)
ClipBook:% SystemRoot% \ system32 \ clipsrv.exe (deficientes)
Microsoft ACPI Control Method Battery Driver: system32 \ DRIVERS \ CmBatt.sys (manual start)
Microsoft Composite Battery Driver: system32 \ DRIVERS \ compbatt.sys (sistema)
COM + System Application: C: \ WINDOWS \ system32 \ Dllhost.exe / Processid: (02D4B3F1-FD88-11D1-960D-00805FC79235) (manual start)
Cryptographic Services:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
Processo de Servidor DCOM Lançador:% SystemRoot% \ system32 \ Svchost-k DcomLaunch (automático)
Cliente DHCP:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
Disk Driver: system32 \ DRIVERS \ Disk.sys (sistema)
DLABOIOM: System32 \ DLA \ DLABOIOM.SYS (automático)
DLACDBHM: System32 \ Drivers \ DLACDBHM.SYS (sistema)
DLADResN: System32 \ DLA \ DLADResN.SYS (automático)
DLAIFS_M: System32 \ DLA \ DLAIFS_M.SYS (automático)
DLAOPIOM: System32 \ DLA \ DLAOPIOM.SYS (automático)
DLAPoolM: System32 \ DLA \ DLAPoolM.SYS (automático)
DLARTL_N: System32 \ Drivers \ DLARTL_N.SYS (sistema)
DLAUDFAM: System32 \ DLA \ DLAUDFAM.SYS (automático)
DLAUDF_M: System32 \ DLA \ DLAUDF_M.SYS (automático)
Logical Disk Manager Administrative Service:% SystemRoot% \ System32 \ Dmadmin.exe / com.br (manual start)
dmboot: System32 \ drivers \ dmboot.sys (deficientes)
Logical Disk Manager Driver: System32 \ drivers \ dmio.sys (sistema)
dmload: System32 \ drivers \ dmload.sys (sistema)
Logical Disk Manager:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Microsoft Kernel DLS Syntheiszer: system32 \ drivers \ DMusic.sys (manual start)
Driver NDIS DNINDIS5 Protocolo: \? \ C: \ PROGRA ~ 1 \ Belkin \ Belkin ~ 1.11G \ DNINDIS5.SYS (manual start)
Cliente DNS:% SystemRoot% \ system32 \ svchost.exe-k NetworkService (automático)
Microsoft Kernel DRM Audio Descrambler: system32 \ drivers \ drmkaud.sys (manual start)
DRVMCDB: System32 \ Drivers \ DRVMCDB.SYS (sistema)
DRVNDDM: System32 \ Drivers \ DRVNDDM.SYS (automático)
Error Reporting Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Log de eventos:% SystemRoot% \ system32 \ Services.exe (automático)
Sistema de Eventos COM +: C: \ WINDOWS \ system32 \ svchost.exe-k netsvcs (manual start)
Troca Rápida de Usuário Compatibilidade:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start)
FltMgr: system32 \ DRIVERS \ fltMgr.sys (sistema)
Volume Manager Driver: system32 \ DRIVERS \ Ftdisk.sys (sistema)
Generic Packet classifier: system32 \ DRIVERS \ msgpc.sys (manual start)
Driver NDIS GTNDIS5 Protocolo: \? \ C: \ WINDOWS \ system32 \ GTNDIS5.SYS (manual start)
Google Updater Service: "C: \ Arquivos de Programas \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe" (manual start)
Ajuda e suporte:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Human Interface Device Access:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (deficientes)
Microsoft HID Class Driver: system32 \ DRIVERS \ hidusb.sys (manual start)
hlkvythd: system32 \ drivers \ vzrpdamf.dat (sistema)
HSFHWATI: system32 \ DRIVERS \ HSFHWATI.sys (manual start)
HSF_DPV: system32 \ DRIVERS \ HSF_DPV.sys (manual start)
HTTP: System32 \ Drivers \ HTTP.sys (manual start)
HTTP SSL:% SystemRoot% \ System32 \ svchost.exe-k HTTPFilter (manual start)
i8042 e Teclado PS / 2 Mouse Port Driver: system32 \ DRIVERS \ i8042prt.sys (sistema)
InstallDriver Table Manager: "C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32 \ DRIVERS \ Imapi.sys (sistema)
IMAPI CD-Burning COM Service: C: \ WINDOWS \ system32 \ Imapi.exe (manual start)
Processador Intel Driver: system32 \ DRIVERS \ Intelppm.sys (sistema)
IPv6 do Firewall do Windows Driver: system32 \ DRIVERS \ Ip6fw.sys (manual start)
IP Traffic Filter Driver: system32 \ DRIVERS \ ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32 \ DRIVERS \ ipinip.sys (manual start)
IP Network Address Translator: system32 \ DRIVERS \ Ipnat.sys (manual start)
IPSEC driver: system32 \ DRIVERS \ Ipsec.sys (sistema)
IR Enumerator Service: system32 \ DRIVERS \ irenum.sys (manual start)
PnP ISA / EISA Bus Driver: system32 \ DRIVERS \ Isapnp.sys (sistema)
IVI ASPI Shell: system32 \ drivers \ iviaspi.sys (manual start)
Keyboard Class Driver: system32 \ DRIVERS \ Kbdclass.sys (sistema)
Microsoft Kernel Wave Audio Mixer: system32 \ drivers \ Kmixer.sys (manual start)
Servidor:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
Workstation:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
TCP / IP NetBIOS Helper:% SystemRoot% \ system32 \ svchost.exe-k LocalService (automático)
mdmxsdk: system32 \ DRIVERS \ mdmxsdk.sys (automático)
Mensageiro:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (deficientes)
NetMeeting Remote Desktop Sharing: C: \ WINDOWS \ system32 \ mnmsrvc.exe (manual start)
Mouse Class Driver: system32 \ DRIVERS \ mouclass.sys (sistema)
Mouse HID Driver: system32 \ DRIVERS \ mouhid.sys (manual start)
WebDav Client Redirector: system32 \ DRIVERS \ mrxdav.sys (manual start)
MRXSmb: system32 \ DRIVERS \ Mrxsmb.sys (sistema)
Distributed Transaction Coordinator: C: \ WINDOWS \ system32 \ msdtc.exe (manual start)
Windows Installer: C: \ WINDOWS \ system32 \ msiexec.exe / V (manual start)
Microsoft Streaming Service Proxy: system32 \ drivers \ MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32 \ drivers \ MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32 \ drivers \ MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32 \ DRIVERS \ mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: system32 \ DRIVERS \ ndistapi.sys (manual start)
UserMode NDIS I / O protocolo: system32 \ DRIVERS \ Ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32 \ DRIVERS \ Ndiswan.sys (manual start)
Interface NetBIOS: system32 \ DRIVERS \ netbios.sys (sistema)
NetBIOS sobre Tcpip: system32 \ DRIVERS \ Netbt.sys (sistema)
DDE de rede:% SystemRoot% \ system32 \ netdde.exe (deficientes)
Rede DDE DSDM:% SystemRoot% \ system32 \ netdde.exe (deficientes)
TOSHIBA Network Device UserMode I / O protocolo: system32 \ DRIVERS \ netdevio.sys (automático)
Net Logon:% SystemRoot% \ system32 \ lsass.exe (automático)
Conexões de Rede:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start)
Rede Local Awareness (NLA):% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manual start)
NT LM Security Support Provider:% SystemRoot% \ system32 \ lsass.exe (manual start)
Armazenamento removível:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manual start)
Client Service for NetWare:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
IPX Traffic Filter Driver: system32 \ DRIVERS \ nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32 \ DRIVERS \ nwlnkfwd.sys (manual start)
NWLink IPX / SPX / NetBIOS Compatible Transport Protocol: system32 \ DRIVERS \ Nwlnkipx.sys (automático)
NWLink NetBIOS: system32 \ DRIVERS \ nwlnknb.sys (automático)
NWLink SPX / SPXII Protocolo: system32 \ DRIVERS \ nwlnkspx.sys (automático)
NetWare Rdr: system32 \ DRIVERS \ nwrdr.sys (manual start)
Office Source Engine: "C: \ Program Files \ Common Files \ Microsoft Shared \ Source Engine \ Ose.exe" (manual start)
PCI Bus Driver: system32 \ DRIVERS \ pci.sys (system)
PCIIde: system32 \ DRIVERS \ pciide.sys (sistema)
Pcmcia: system32 \ DRIVERS \ Pcmcia.sys (sistema)
Padus ASPI Shell: system32 \ drivers \ pfc.sys (manual start)
Plug and Play:% SystemRoot% \ system32 \ Services.exe (automático)
Serviços IPSEC:% SystemRoot% \ system32 \ lsass.exe (automático)
WAN Miniport (PPTP): system32 \ DRIVERS \ Raspptp.sys (manual start)
Armazenamento protegido:% SystemRoot% \ system32 \ lsass.exe (automático)
Agendador de pacotes QoS: system32 \ DRIVERS \ psched.sys (manual start)
Paralelo Link direto Driver: system32 \ DRIVERS \ ptilink.sys (manual start)
PxHelp20: System32 \ Drivers \ PxHelp20.sys (sistema)
Quanta HotKey Keyboard Filter Driver: system32 \ drivers \ qkbfiltr.sys (manual start)
Quanta HotKey Mouse Filter Driver: system32 \ drivers \ qmofiltr.sys (manual start)
Remote Access Auto Connection Driver: system32 \ DRIVERS \ rasacd.sys (sistema)
Remote Access Auto Connection Manager:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manual start)
WAN Miniport (L2TP): system32 \ DRIVERS \ rasl2tp.sys (manual start)
Remote Access Connection Manager:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manual start)
Acesso remoto PPPOE Driver: system32 \ DRIVERS \ raspppoe.sys (manual start)
Paralelo direto: system32 \ DRIVERS \ raspti.sys (manual start)
Rdbss: system32 \ DRIVERS \ Rdbss.sys (sistema)
RDPCDD: System32 \ DRIVERS \ RDPCDD.sys (sistema)
Terminal Server Device Redirector Driver: system32 \ DRIVERS \ rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C: \ WINDOWS \ system32 \ Sessmgr.exe (manual start)
CD Digital Audio Playback Filter Driver: system32 \ DRIVERS \ Redbook.sys (sistema)
Roteamento e acesso remoto:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (deficientes)
Registro remoto:% SystemRoot% \ system32 \ svchost.exe-k LocalService (automático)
Chamada de procedimento remoto (RPC) Localizador:% SystemRoot% \ System32 \ Locator.exe (manual start)
Chamada de procedimento remoto (RPC):% SystemRoot% \ system32 \ Svchost-k rpcss (automático)
QoS RSVP:% SystemRoot% \ system32 \ Rsvp.exe (manual start)
Belkin Wireless RT2500 Driver: system32 \ DRIVERS \ RT61.sys (manual start)
Realtek 10/100/1000 NIC Família em todos um NDIS XP Driver: system32 \ DRIVERS \ Rtlnicxp.sys (manual start)
Realtek RTL8139 (A / B / C)-based PCI Fast Ethernet Adapter NT Driver: system32 \ DRIVERS \ RTL8139.SYS (manual start)
Gerenciador de contas de segurança:% SystemRoot% \ system32 \ lsass.exe (automático)
Smart Card:% SystemRoot% \ System32 \ SCardSvr.exe (manual start)
Agendador de tarefas:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Secdrv: system32 \ DRIVERS \ secdrv.sys (manual start)
Secondary Logon:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Notificação de eventos do sistema:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
Sitecom Serial port driver: system32 \ DRIVERS \ ser2pl.sys (manual start)
Serenum Filter Driver: system32 \ DRIVERS \ serenum.sys (manual start)
Alta Capacidade de disquete: system32 \ DRIVERS \ sfloppy.sys (manual start)
Firewall do Windows / Partilha de ligação à Internet (ICS):% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
Shell Hardware Detection:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Microsoft Kernel Audio Splitter: system32 \ drivers \ Splitter.sys (manual start)
Print Spooler:% SystemRoot% \ system32 \ spoolsv.exe (automático)
System Restore Filter Driver: system32 \ DRIVERS \ sr.sys (sistema)
System Restore Service:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
Srv: system32 \ Drivers \ Srv.sys (manual start)
SSDP Discovery Service:% SystemRoot% \ system32 \ svchost.exe-k LocalService (manual start)
Still Serial Digital Camera Driver: system32 \ DRIVERS \ serscan.sys (manual start)
Windows Image Acquisition (WIA):% SystemRoot% \ system32 \ svchost.exe-k imgsvc (automático)
Software Bus Driver: system32 \ DRIVERS \ swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32 \ drivers \ swmidi.sys (manual start)
MS Software Shadow Copy Provider: C: \ WINDOWS \ system32 \ Dllhost.exe / Processid: (6C222AAE-7AD3-43BE-AC4B-02239FF8DEC6) (manual start)
Synaptics Touchpad Driver: system32 \ DRIVERS \ SynTP.sys (manual start)
Microsoft Kernel System Audio Device: system32 \ drivers \ Sysaudio.sys (manual start)
Logs e alertas de desempenho:% SystemRoot% \ system32 \ Smlogsvc.exe (manual start)
Telefonia:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start)
O protocolo TCP / IP Driver: system32 \ DRIVERS \ tcpip.sys (system)
Terminal Device Driver: system32 \ DRIVERS \ termdd.sys (sistema)
Serviços de terminal:% SystemRoot% \ System32 \ Svchost-k DComLaunch (manual start)
Temas:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Telnet: C: \ WINDOWS \ system32 \ tlntsvr.exe (deficientes)
tmcomm: \? \ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys (automático)
Distributed Link Tracking Cliente:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (automático)
Microcode Update Driver: system32 \ DRIVERS \ update.sys (manual start)
Universal Plug and Play Device Host:% SystemRoot% \ system32 \ svchost.exe-k LocalService (manual start)
Uninterruptible Power Supply:% SystemRoot% \ System32 \ Ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32 \ DRIVERS \ Usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32 \ DRIVERS \ Usbehci.sys (manual start)
USB2 Enabled Hub: system32 \ DRIVERS \ usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32 \ DRIVERS \ Usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32 \ DRIVERS \ Usbprint.sys (manual start)
USB Scanner Driver: system32 \ DRIVERS \ usbscan.sys (manual start)
USB Mass Storage Driver: system32 \ DRIVERS \ USBSTOR.SYS (manual start)
Linksys Wireless-G USB Network Adapter com SpeedBooster Driver v2: system32 \ DRIVERS \ usb8023.sys (manual start)
VgaSave: \ SystemRoot \ System32 \ drivers \ Vga.sys (sistema)
Volume Shadow Copy:% SystemRoot% \ System32 \ Vssvc.exe (manual start)
A Hora do Windows:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Acesso Remoto IP ARP Driver: system32 \ DRIVERS \ wanarp.sys (manual start)
Windows CE USB Serial Host Driver: system32 \ DRIVERS \ wceusbsh.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32 \ drivers \ Wdmaud.sys (manual start)
WebClient:% SystemRoot% \ system32 \ svchost.exe-k LocalService (automático)
winachsf: system32 \ DRIVERS \ HSF_CNXT.sys (manual start)
Instrumentação de Gerenciamento do Windows:% systemroot% \ system32 \ svchost.exe-k netsvcs (automático)
Portable Media Serial Number Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start)
Adaptador de desempenho WMI: C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C: \ Arquivos de Programas \ Windows Media Player \ WMPNetwk.exe" (manual start)
Windows Socket 2,0 Não-IFS Support Service Provider Ambiente: \ SystemRoot \ System32 \ drivers \ ws2ifsl.sys (deficientes)
Centro de Segurança:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Atualizações Automáticas:% systemroot% \ system32 \ svchost.exe-k netsvcs (automático)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32 \ DRIVERS \ Wudfpf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32 \ DRIVERS \ wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework:% SystemRoot% \ system32 \ svchost.exe-k WudfServiceGroup (manual start)
Configuração zero sem fio:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (automático)
Network Provisioning Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start)

--------------------------------------------------
Enumerando Windows NT logon / logoff scripts:
* Não definido para executar scripts *
Windows NT checkdisk comando:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: * valor do Registro não encontrado *
--------------------------------------------------
Enumerando ShellServiceObjectDelayLoad itens:
PostBootReminder: C: \ WINDOWS \ system32 \ shell32.dll
CDBurn: C: \ WINDOWS \ system32 \ shell32.dll
WebCheck: C: \ WINDOWS \ system32 \ Webcheck.dll
Systray: C: \ WINDOWS \ system32 \ stobject.dll
UPnPMonitor: C: \ WINDOWS \ system32 \ upnpui.dll
WPDShServiceObj: C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
--------------------------------------------------
Autorun entradas de registo:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ policies \ Explorer \ Run
* Não valores encontrados *
--------------------------------------------------
Autorun entradas de registo:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ policies \ Explorer \ Run
* Não valores encontrados *
--------------------------------------------------
Fim do relatório, 38242 bytes
Relatório gerada em 0,266 segundo
Opções da linha de comandos:
/ verbose - para acrescentar mais informações sobre cada secção
/ completa - a inclusão de secções vazias e sem malícia dados
/ pleno - a inclusão de vários pontos importantes raramente -
/ force9x - a inclusão de Win9x-iniciantes só mesmo se estiver executando em WinNT
/ forcent - WinNT, de incluir apenas iniciantes, mesmo rodando em Win9x
/ forceall - a inclusão de todos os Win9x e WinNT iniciantes, independentemente da plataforma
/ história - a lista versão história só
  #4  
Old March 25, 2008, 14:47
Moderator Group
 
Default Trojan Horse

That's an HJT startup list, which is useful, but I need the main scan.

Open HJT and select the Do a system scan and save a logfile button.

Post that log, please.
__________________

  #5  
Old March 27, 2008, 12:47
New Members Group
 
Default Trojan Horse

Hi,

Sorry if I seem slow in replying, but I am having difficulty saving the scan!

I ran HJT's 'Do a system scan and save a logfile', but when it tries to open the log file it fails.

The only way I can see to provide this information is to save a screen copy, but posting that will make a large file. Do you think this is a good idea, or is there something else I can try?

Regards
Ian A
  #6  
Old March 27, 2008, 12:58
Moderator Group
 
Default Trojan Horse

Try this instead and post the logs from it.

Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged on to an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open:
    • main.txt <-- this one will be maximized
    • extra.txt <-- this one will be minimized
  • Add the contents of main.txt to your post.
  • Also add extra.txt to your post.
  • The text from these files may exceed the maximum post length for this forum, and may need to be posted over 2 or more posts. Check that all the text is highlighted.

What DSS will do:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
__________________

  #7  
Old March 28, 2008, 14:41
New Members Group
 
Default Trojan Horse

Hi

I think it must be!

I have tried going to the hot link for Deckard's scanner, but I cannot find dss.exe.

Deckard's asks me to register for another site, a forum similar to the one I am already on.

Explain

Ian
  #8  
Old Mar 28, 2008, 14:46
Moderator Group
 
Default Trojan Horse

Use this link. http://www.techsupportforum.com/sect...eckard/dss.exe
__________________

  #9  
Old April 7, 2008, 00:56
New Members Group
 
Default Trojan Horse

Hello,
Sorry it has been some days since I got back to you, but I have been away.

I have now managed to do the scan and here are the results
System Restore ------------------------------------------------ --------------
Criado com sucesso um Deckard's System Scanner Restore Point.

- Últimos 5 Restaurar Ponto (s) --
49: 2008-04-07 07:50:49 UTC - RP160 - Deckard's System Scanner Restore Point
48: 2008-04-07 06:07:59 UTC - RP159 - Sistema Checkpoint
47: 2008-04-01 17:50:42 UTC - RP158 - Sistema Checkpoint
46: 2008-03-28 20:48:03 UTC - RP157 - Installed SUPERAntiSpyware Free Edition
45: 2008-03-28 19:02:25 UTC - RP156 - Sistema Checkpoint

- Primeiro Restore Point --
1: 2008-01-04 07:54:54 UTC - RP112 - Sistema Checkpoint

Backup de registro colmeias.
Realizada em Limpeza de Disco.
Percentagem de Memória em uso: 76% (mais de 75%).
Memória física total: 447 MiB (512 MiB recommended).

- HijackThis (run como iana.exe) ---------------------------------------- --------
Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 08:52:30, em 07/04/2008
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ brsvc01a.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe
C: \ WINDOWS \ system32 \ TPSMain.exe
C: \ Program Files \ Synaptics \ SynTP \ Toshiba.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ NDSTray.exe
C: \ Program Files \ TOSHIBA \ TOSHIBA Zoom Utility \ SmoothView.exe
C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe
C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSServ.exe
C: \ Program Files \ Atheros \ ACU.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ avgas.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe
C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ TPSBattM.exe
C: \ Program Files \ FinePixViewer \ QuickDCF.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFXFER.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Arquivos de Programas \ Adobe \ Acrobat 6.0 \ Reader \ AcroRd32.exe
C: \ WINDOWS \ system32 \ WISPTIS.EXE
C: \ Documents and Settings \ Iana \ Configurações locais \ Temporary Internet Files \ Content.IE5 \ EL9EICW6 \ dss [1]. Exe
C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ hijack ~ 1 \ iana.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings, ProxyServer = flotechsvr: 8080
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Arquivos de Programas \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (51610169-C280-4F36-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (arquivo ausente)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll
O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Toshiba Hotkey Utility] "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" / lang en
O4 - HKLM \ .. \ Run: [TPSMain] TPSMain.exe
O4 - HKLM \ .. \ Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM \ .. \ Run: [SmoothView] C: \ Program Files \ TOSHIBA \ TOSHIBA Zoom Utility \ SmoothView.exe
O4 - HKLM \ .. \ Run: [PadTouch] C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe
O4 - HKLM \ .. \ Run: [DLA] C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE
O4 - HKLM \ .. \ Run: [CFSServ.exe] CFSServ.exe-NoClient
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN
O4 - HKLM \ .. \ Run: [ACU] "C: \ Program Files \ Atheros \ ACU.exe"-nogui
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ avgas.exe" / minimizada
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [OpwareSE2] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe"
O4 - HKLM \ .. \ Run: [OPSE reminder] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe"-r "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ ereg . ini "
O4 - HKCU \ .. \ Run: [TOSCDSPD] C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [PnPUI Registrator] C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe-s
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C: \ Program Files \ FinePixViewer \ QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Arquivos de Programas \ Microsoft Office \ Office \ OSA9.exe
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI05E6 ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O10 - Unknown file em Winsock LSP: c: \ windows \ system32 \ nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL = http://companyweb
O16 - DPF: (11260943-421B-11D0-8EAC-0000C07D88CF) (iPIX ActiveX Control) -- http://www.ipix.com/download/ipixx.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1197453622703
O16 - DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) (Java Runtime Environment 1.6.0) -- http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: (BB21F850-63F4-4EC9-BF9D-565BD30C9AE9) (a-squared Scanner) -- http://ax.emsisoft.com/asquared.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: Domain = flotech.local
O17 - HKLM \ Software \ .. \ Telephony: DomainName = flotech.local
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: Domain = flotech.local
O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: Domain = flotech.local
O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: detcdzqc - athcfg11c.dll (arquivo ausente)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C: \ WINDOWS \ system32 \ acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
--
Fim do processo - 9862 bytes
- Fixed HijackThis Entradas (C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ hijack ~ 1 \ backups \) -----------
backup-20071217-070814-188 O4 - HKLM \ .. \ Run: [\ \ WKS-216 \ EPSON Stylus C46 Series] C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_S4I0T 1.EXE / P33 "\ \ WKS-216 \ EPSON Stylus C46 Series "/ O6" USB002 "/ M" Stylus C46 "
backup-20071217-071110-763 O16 - DPF: (935F9B04-0C7B-4454-A391-348C54AD7ADD) (Jolly Bear Games Player) -- http://games.bigfishgames.com/en_big...GamePlayer.cab
backup-20071219-071455-100 O20 - Winlogon Notify: detcdzqc - C: \ WINDOWS \ SYSTEM32 \ athcfg11c.dll
backup-20071219-071455-320 O4 - Global Startup: EPSON Status Monitor 3 Environment Check (3). lnk = C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ E_SRCV0 3.EXE
backup-20071219-071455-780 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll
backup-20080327-194111-931 O2 - BHO: (no name) - (51610169-C280-4F36-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (arquivo ausente)
backup-20080327-194139-797 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll
backup-20080327-194247-663 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll
- Arquivo Associações ---------------------------------------------- -------------
. txt - NetLog.Document - DefaultIcon - C: \ EPICOM ~ 1/02 \ EPICom2.02 \ EPICOM ~ 1.EXE, 8
. txt - NetLog.Document - shell \ open \ command - C: \ EPICOM ~ 1/02 \ EPICom2.02 \ EPICOM ~ 1.EXE / DDE

- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 hlkvythd - c: \ windows \ system32 \ drivers \ vzrpdamf.dat
R1 SASDIFSV - C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys
R1 SASKUTIL - C: \ Program Files \ SUPERAntiSpyware \ saskutil.sys
R2 MASPINT - c: \ windows \ system32 \ drivers \ maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver para WinNT>
R2 mdmxsdk - c: \ windows \ system32 \ drivers \ mdmxsdk.sys <Not Verified; Conexant; diagnóstico Interface>
R2 Netdevio (TOSHIBA Network Device UserMode I / O Protocolo) - c: \ windows \ system32 \ drivers \ netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device UserMode I/O protocol>
R3 AR5211 (Atheros Wireless Network Adapter Service) - c: \ windows \ system32 \ drivers \ ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 BoiHwsetup (Acesso 32bits rotina INT15) - c: \ windows \ system32 \ drivers \ boihwsetup.sys <Not Verified; Quanta Computer Corp; Toshiba HwSetup driver>
R3 CAMCAUD (Conexant AMC 3D Ambiental Audio) - c: \ windows \ system32 \ drivers \ camc6aud.sys <Not Verified; Conexant Systems Inc.; Conexant Audio driver>
R3 CAMCHALA - c: \ windows \ system32 \ drivers \ camc6hal.sys <Not Verified; Conexant Systems Inc.; Conexant AmcHal driver>
R3 HSF_DPV - c: \ windows \ system32 \ drivers \ hsf_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem driver>
R3 HSFHWATI - c: \ windows \ system32 \ drivers \ hsfhwati.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem driver>
R3 Iviaspi (IVI ASPI Shell) - c: \ windows \ system32 \ drivers \ iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 pfc (padus ASPI Shell) - c: \ windows \ system32 \ drivers \ pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c: \ windows \ system32 \ drivers \ qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter driver>
R3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c: \ windows \ system32 \ drivers \ qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filtro Dispositivo driver>
R3 SASENUM - C: \ Program Files \ SUPERAntiSpyware \ sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 winachsf - c: \ windows \ system32 \ drivers \ hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem driver>
S3 DNINDIS5 (DNINDIS5 NDIS Protocolo Driver) - c: \ progra ~ 1 \ Belkin \ Belkin ~ 1.11g \ dnindis5.sys (arquivo ausente)
S3 GTNDIS5 (GTNDIS5 NDIS Protocolo Driver) - c: \ windows \ system32 \ gtndis5.sys (arquivo ausente)
S3 RT61 (RT2500 Belkin Wireless Driver) - c: \ windows \ system32 \ drivers \ rt61.sys (arquivo ausente)
S3 Ser2pl (Sitecom Serial port driver) - c: \ windows \ system32 \ drivers \ ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Ponte Cable>
S3 wceusbsh (Windows CE USB Serial Host Driver) - c: \ windows \ system32 \ drivers \ wceusbsh.sys <Not Verified; Microsoft Windows CE Corporation; USB Serial Host driver>

- Serviços: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CFSvcs (ConfigFree Service) - C: \ Program Files \ Toshiba \ configfree \ cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
S2 ACS (Atheros Configuration Service) - c: \ windows \ system32 \ acs.exe

- Device Manager: Disabled -------------------------------------------- --------
Não deficientes dispositivos encontrados.

- Tarefas agendadas ---------------------------------------------- ---------------
2008-04-07 06:48:40 436 - a ------ C: \ WINDOWS \ Tasks \ RegCure Program Check.job
2008-04-04 12:33:04 438 - a ------ C: \ WINDOWS \ Tasks \ At1.job
2008-03-15 17:25:00 284 - a ------ C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job
2008-01-31 16:37:13 370 - a ------ C: \ WINDOWS \ Tasks \ RegCure.job

- Arquivos criados entre 2008/03/07 e 2008/04/07 -----------------------------
2008-03-28 21:48:16 0 d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-03-28 21:48:05 0 d -------- C: \ Program Files \ SUPERAntiSpyware
2008-03-28 21:48:05 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ SUPERAntiSpyware.com
2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard

- Relatório Find3M ---------------------------------------------- -----------------
2008-04-07 06:51:23 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ AVG7
2008-04-04 16:30:58 0 d -------- C: \ Program Files \ Hansa52Client
2008-04-04 15:41:49 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ AdobeUM
2008-03-28 21:47:28 0 d -------- C: \ Arquivos de Programas \ Arquivos Comuns
2008-03-25 10:03:27 0 d -------- C: \ Program Files \ Common Files \ Adobe
2008-03-25 09:31:28 0 d -------- C: \ Program Files \ Common Files \ Symantec Shared
2008-03-05 15:04:08 0 d -------- C: \ Program Files \ Canon
2008-03-05 11:57:28 0 d -------- C: \ Program Files \ Java
2008-02-25 09:26:29 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ ScanSoft
2008-02-25 09:26:26 0 d -------- C: \ Program Files \ Common Files \ ScanSoft Shared
2008-02-25 09:25:40 0 d -------- C: \ Program Files \ ScanSoft
2008-02-25 08:32:09 0 d -------- C: \ Program Files \ Google
2008-02-21 18:33:48 0 d -------- C: \ Program Files \ MumbleJumble
2008-02-21 18:10:04 0 d -------- C: \ Program Files \ Mahjong Deluxe
2008-02-21 12:06:28 0 d -------- C: \ Program Files \ RogueRemover GRÁTIS
2008-02-21 12:04:40 0 d -------- C: \ Program Files \ As Muralhas de Jericó
2008-02-21 12:04:31 0 d -------- C: \ Program Files \ HP Creative Idea CD
2008-02-21 12:04:11 0 d -------- C: \ Program Files \ XviD
2008-02-21 12:03:54 0 d -------- C: \ Program Files \ RegCure
2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Remoção Man
2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Polarkubes
2008-02-21 12:01:40 0 d -------- C: \ Program Files \ PopCap Games
2008-02-18 19:38:17 16 - a ------ C: \ WINDOWS \ popcinfot.dat
2008-02-18 19:19:59 0 - a ------ C: \ WINDOWS \ popcreg.dat
2008-02-11 17:53:24 0 d -------- C: \ Program Files \ IDIGICON Limited
2008-01-21 18:36:58 1024 - a ------ C: \ WINDOWS \ jericho_game_ra.dat

- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (51610169-C280-4F36-84AB-82D92ED1F68B)]
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (EA389261-1100-451F-8582-815CAB488AE6)]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [17/12/2005 00:32]
"Toshiba Hotkey Utility" = "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" [28/01/2006 05:13]
"TPSMain" = "TPSMain.exe" [08/02/2006 16:02 C: \ WINDOWS \ system32 \ TPSMain.exe]
"NDSTray.exe" = "NDSTray.exe" []
"SmoothView" = "C: \ Program Files \ TOSHIBA \ TOSHIBA Zoom Utility \ SmoothView.exe" [12/05/2005 11:31]
"PadTouch" = "C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe" [21/12/2005 14:52]
"DLA" = "C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE" [06/10/2005 06:20]
"CFSServ.exe" = "CFSServ.exe" []
"REGSHAVE" = "C: \ Program Files \ REGSHAVE \ REGSHAVE.exe" [04/02/2002 23:32]
"ACU" = "C: \ Program Files \ Atheros \ ACU.exe" [11/07/2005 16:04]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [04/03/2007 17:39]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [01/09/2006 16:57]
"! AVG Anti-Spyware" = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7/5 \ avgas.exe" [11/06/2007 10:25]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [02/01/2008 12:20]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" [22/02/2008 05:25]
"OpwareSE2" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" [08/05/2003 12:00]
"OPSE lembrete" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe" [07/07/2003 10:29]
"RegistryMechanic" = "" []
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"TOSCDSPD" = "C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe" [11/04/2005 12:26]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [04/08/2004 14:00]
"PnPUI Registrator" = "C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe" [22/11/2004 21:04]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [13/10/2004 17:24]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [27/02/2007 12:39]
C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Startup \
Exif Launcher.lnk - C: \ Program Files \ FinePixViewer \ QuickDCF.exe [09/01/2002 22:53:14]
Microsoft Office.lnk - C: \ Arquivos de Programas \ Microsoft Office \ Office \ OSA9.exe [21/01/2000 09:15:54]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ currentversion \ policies \ system]
"DisableRegistryTools" = 0 (0x0)
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Currentversion \ policies \ Explorer]
"NoWelcomeScreen" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [20/12/2006 13:55 77.824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 27/02/2007 12:39 282624 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notify \ detcdzqc]
athcfg11c.dll
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ control \ lsa]
"Authentication Packages" = MSV1_0 nwprovau
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs
buznlwxw

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ currentversion \ explorer \ mountpoints2 \ (a2fd87dd-a192-11dc-b600-0016e375ed46)]
AutoRun \ command-E: \ LaunchU3.exe


- End of Deckard's System Scanner: finished at 2008/04/07 08:53:08 ------------


Hope all this makes sense to you

Regards
Iana
  #10  
Old April 7, 2008, 10:12
Moderator Group
 
Default Trojan Horse

You need to do the steps HERE.