Virus Alert!

Vasco January 31, 2009 at 13:16:51
Specs: Windows XP
Help me... I did what you asked... I have the same problem with the Virus alert... need help

StartupList report, 31-01-2009, 21:10:44
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Administrador\Ambiente de trabalho\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrador\Ambiente de trabalho\HiJackThis.exe

---------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Arranque]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

---------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

---------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

---------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

---------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

---------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

---------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

---------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

---------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

---------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

---------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

---------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

---------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

---------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor de registo'

Registry check passed

---------------------

Enumerating Browser Helper Objects:

*No BHO's found*

---------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job

---------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binar...

[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Programas\Yahoo!\Common\yinsthelper.dll

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/win...

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/mic...

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/ge...

[MSN Games - Installer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binar...

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binar...

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
CODEBASE = http://messenger.zone.msn.com/binar...

[GoPetsWeb Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\GOPETS~1.OCX
CODEBASE = https://secure.gopetslive.com/dev/GoPetsWeb.cab

---------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll

---------------------

Enumerating Windows NT/2000/XP services

Controlador ACPI da Microsoft: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerta: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Serviço de gateway de camada de aplicação: %SystemRoot%\System32\alg.exe (manual start)
Gestão de aplicações: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Controlador de média assíncrono de RAS: system32\DRIVERS\asyncmac.sys (manual start)
Controlador de disco rígido IDE/ESDI padrão: system32\DRIVERS\atapi.sys (system)
ATM - protocolo para cliente ARP: system32\DRIVERS\atmarpc.sys (manual start)
Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controladores de stub de áudio: system32\DRIVERS\audstub.sys (manual start)
Serviço de transferência inteligente em fundo: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Browser de computador: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Descodificador de captura fechada: system32\DRIVERS\CCDECODE.sys (manual start)
Controlador de CD-ROM: system32\DRIVERS\cdrom.sys (system)
Serviço de indexação: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media High Definition Audio Interface: system32\drivers\cmudax.sys (manual start)
Aplicação de sistema COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Serviços criptográficos: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM - Lançador de processo de servidor: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Cliente DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Controlador de disco: system32\DRIVERS\disk.sys (system)
Serviço administrativo de gestão de discos lógicos: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Controlador do gestor de disco lógico: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gestor de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft - sintetizador Kernel DSL: system32\drivers\DMusic.sys (manual start)
Cliente DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Descrambler Filter: system32\drivers\drmkaud.sys (manual start)
EAMON: system32\DRIVERS\eamon.sys (autostart)
easdrv: system32\DRIVERS\easdrv.sys (system)
Eset HTTP Server: "C:\Programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" (manual start)
Eset Service: "C:\Programas\ESET\ESET NOD32 Antivirus\ekrn.exe" (autostart)
epfwtdir: system32\DRIVERS\epfwtdir.sys (system)
Serviço de relato de erros: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Registo de eventos: %SystemRoot%\system32\services.exe (autostart)
Sistema de eventos do COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Compatibilidade de 'Mudança rápida de utilizador': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador de disquete: system32\DRIVERS\fdc.sys (manual start)
Controlador de unidades de disquetes: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Controlador do gestor de volume: system32\DRIVERS\ftdisk.sys (system)
Classificador de pacotes genérico: system32\DRIVERS\msgpc.sys (manual start)
Controlador de Função de UAA da Microsoft para o Serviço de High Definition Audio: system32\drivers\HdAudio.sys (manual start)
Controlador de Barramento UAA da Microsoft para High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Acesso a dispositivos de interface humana: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
SSL de HTTP: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Teclado i8042 e controlador de porta de rato PS/2: system32\DRIVERS\i8042prt.sys (system)
Controlador de filtro de gravação de CD: system32\DRIVERS\imapi.sys (system)
Serviço COM de gravação de CD de IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Controlador de processador Intel: system32\DRIVERS\intelppm.sys (system)
Controlador de IPv6 do Firewall do Windows: system32\DRIVERS\Ip6Fw.sys (manual start)
Controlador de filtração de tráfego IP: system32\DRIVERS\ipfltdrv.sys (manual start)
Controlador de túnel IP-em-IP: system32\DRIVERS\ipinip.sys (manual start)
Tradutor de endereços de rede IP: system32\DRIVERS\ipnat.sys (manual start)
Controlador IPSEC: system32\DRIVERS\ipsec.sys (system)
Protocolo IrDA: system32\DRIVERS\irda.sys (autostart)
Serviço enumerador IR: system32\DRIVERS\irenum.sys (manual start)
Monitor de infravermelhos: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Controlador de infravermelhos série da Microsoft: system32\DRIVERS\irsir.sys (manual start)
Controlador de barramento PnP ISA/EISA: system32\DRIVERS\isapnp.sys (system)
Controlador de classe de teclado: system32\DRIVERS\kbdclass.sys (system)
Microsoft - misturador de áudio Kernel Wave: system32\drivers\kmixer.sys (manual start)
Servidor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Estação de trabalho: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Programa auxiliar TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start)
Mensageiro: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Microsoft Office Groove Audit Service: "C:\Programas\Microsoft Office\Office12\GrooveAuditService.exe" (manual start)
Partilha remota do ambiente de trabalho do NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Controlador de classe de rato: system32\DRIVERS\mouclass.sys (system)
Redireccionador de cliente WebDav: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
DTC (Coordenador de transacções distribuídas): C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Proxy da Microsoft para serviços de fluxo: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Proxy da Microsoft para gestão de qualidade de fluxo: system32\drivers\MSPQM.sys (manual start)
Controlador BIOS Microsoft System Management: system32\DRIVERS\mssmbios.sys (manual start)
Conversor da Microsoft para fluxos Tee/Sink-to-Sink: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
NBService: C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe (manual start)
Ligação de TV/Vídeo Microsoft: system32\DRIVERS\NdisIP.sys (manual start)
Controlador TAPI NDIS de acesso remoto: system32\DRIVERS\ndistapi.sys (manual start)
Protocolo E/S de modo de utilizador NDIS: system32\DRIVERS\ndisuio.sys (manual start)
Controlador WAN NDIS de acesso remoto: system32\DRIVERS\ndiswan.sys (manual start)
Interface de NetBIOS: system32\DRIVERS\netbios.sys (system)
NetBios através de Tcpip: system32\DRIVERS\netbt.sys (system)
Rede DDE: %SystemRoot%\system32\netdde.exe (disabled)
Rede DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Início de sessão de rede: %SystemRoot%\system32\lsass.exe (manual start)
Ligações de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Identificação da localização na rede (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe" (manual start)
Eset Nod32 Boot: C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\nod32fixtemdono.reg (autostart)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Armazenamento amovível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Controlador de filtração de tráfego IPX: system32\DRIVERS\nwlnkflt.sys (manual start)
Controlador de reencaminhamento de tráfego IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
Office Source Engine: "C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Controlador de porta paralela: system32\DRIVERS\parport.sys (manual start)
Controlador de barramento PCI: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Serviços IPSEC: %SystemRoot%\system32\lsass.exe (manual start)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)
Agendador de pacotes QoS: system32\DRIVERS\psched.sys (manual start)
Controlador de ligações directas por porta paralela: system32\DRIVERS\ptilink.sys (manual start)
Logitech QuickCam Communicate: system32\DRIVERS\LVCM.sys (manual start)
Controlador de ligação automática de acesso remoto: system32\DRIVERS\rasacd.sys (system)
Gestor de ligação automática de acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Miniport WAN (IrDA): system32\DRIVERS\rasirda.sys (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Gestor de ligação de acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Controlador de acesso remoto PPPOE: system32\DRIVERS\raspppoe.sys (manual start)
Paralelo directo: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Controlador de redireccionador de dispositivo de servidor de terminais: system32\DRIVERS\rdpdr.sys (manual start)
Gestor de sessões de ajuda do 'Ambiente de trabalho remoto': C:\WINDOWS\system32\sessmgr.exe (manual start)
Controlador de filtro de reprodução de áudio digital de CD: system32\DRIVERS\redbook.sys (system)
Encaminhamento e acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Registo remoto: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Localizador RPC (Remote Procedure Call): %SystemRoot%\system32\locator.exe (manual start)
Chamada de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Gestor de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Programador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Início de sessão secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Notificação de evento de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Controlador de filtro Serenum: system32\DRIVERS\serenum.sys (manual start)
Controlador de porta série: system32\DRIVERS\serial.sys (system)
Firewall do Windows/Partilha de ligação à Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Detecção de hadrware da shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)
Controlador do filtro de restauro do sistema: system32\DRIVERS\sr.sys (system)
Serviço de 'Restauro do sistema': %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
Serviço de identificação SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Controlador de barramento por software: system32\DRIVERS\swenum.sys (manual start)
Microsoft - sintetizador Kernel GS Wavetable: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{665144E6-0E32-4B2F-A035-EC255CE4B3F8} (manual start)
Microsoft - dispositivo de áudio do kernel do sistema: system32\drivers\sysaudio.sys (manual start)
Alertas e registos de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)
Dispositivos telefónicos: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Controlador do protocolo TCP/IP: system32\DRIVERS\tcpip.sys (system)
Controlador de dispositivo de terminal: system32\DRIVERS\termdd.sys (system)
Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Cliente de Distributed Link Tracking: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TuneUp Drive Defrag Service: %SystemRoot%\System32\TuneUpDefragService.exe (manual start)
TuneUp Program Statistics Service: %SystemRoot%\System32\TUProgSt.exe (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Controlador de actualização microcódigo: system32\DRIVERS\update.sys (manual start)
Anfitrião de dispositivos Universal Plug and Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Fonte de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)
Controlador de áudio USB (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado: system32\DRIVERS\usbehci.sys (manual start)
Concentrador activado por USB2: system32\DRIVERS\usbhub.sys (manual start)
Controlador de armazenamento de massa USB: system32\DRIVERS\USBSTOR.SYS (manual start)
Controlador miniport do controlador Microsoft USB universal: system32\DRIVERS\usbuhci.sys (manual start)
Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader: "C:\Programas\Windows Live\Messenger\usnsvc.exe" (disabled)
TuneUp Theme Extension: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
viamraid: system32\DRIVERS\viamraid.sys (system)
Cópia sombra de volume: %SystemRoot%\System32\vssvc.exe (manual start)
Hora do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Controlador ARP IP de acesso remoto: system32\DRIVERS\wanarp.sys (manual start)
Microsoft - controlador de compatibilidade áudio WINMM WDM: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
WMI (Instrumento de gestão do Windows): %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Live Setup Service: "C:\Programas\Windows Live\installer\WLSetupSvc.exe" (manual start)
Serviço do número de série de leitores de multimédia portáteis: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Extens. contr. da Windows Management Instrumentation: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Adaptador de desempenho WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Centro de segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Actualizações automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Configuração zero sem fios: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Serviço de fornecimento de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller: system32\DRIVERS\yk51x86.sys (manual start)


---------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

---------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

---------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

---------------------

End of report, 33.286 bytes
Report generated in 0,141 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only




#1
January 31, 2009 at 14:19:31
You did what WHO asked in regard to WHAT? Hijack This logs are not permitted to be posted on this site unless they are requested. Your post may be deleted.

"So won’t you give this man his wings
What a shame
To have to beg you to see
We’re not all the same
What a shame" - Shinedown

