Logo Hardware.com.br
luciano veneziano
luciano vene... Novo Membro Registrado
5 Mensagens 0 Curtidas

Vírus na rede toda

#1 Por luciano vene... 02/05/2010 - 22:43
Boa srs.

Tenho uma rede hibrida, windows xp e vista (30 maquinas).

Um servidor de aplicação e banco de dados 1 é win 2000 SP4 e 1 Win 2003 SP2.

Estava desde 2009 sem atualizar o antivirus. Estou administrando esta rede há dois meses, sendo assim tenho instalado nestes servidores o kaspersky mais atual.

Após instalação do antivirus, começaram a "pipocar" os vírus.

Nem o atualizacao do windows funciona mais.

Pessoal, por favor, preciso muito de ajuda.

O Katspersky pegou os seguintes virus:

* backdoor.win32.poison.hvm
* adware.win32.admoke.cbt
* virus type_win32
* multipacked.multi.generic

Já deixei rolando a noite toda o boot scan da kaspersky mas os virus voltaram a aparecer.

Segue abaixo o resumo do meu hijack:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:19:41, on 02/05/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tssdis.exe
F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
C:\WINDOWS\system32\ctfmon.exe
f:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
F:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
F:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
F:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
F:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Documents and Settings\Acesys\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://ftp.aceweb.com.br/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - f:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "F:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVP] "F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Acesys\CONFIG~1\Temp\1\herss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O15 - ESC Trusted Zone: http://pop.acesys.com.br
O15 - ESC Trusted Zone: http://www.acesys.com.br
O15 - ESC Trusted Zone: http://get.adobe.com
O15 - ESC Trusted Zone: http://www.adobe.com
O15 - ESC Trusted Zone: http://wwwimages.adobe.com
O15 - ESC Trusted Zone: http://rmd.atdmt.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.avast.com
O15 - ESC Trusted Zone: http://www.bing.com
O15 - ESC Trusted Zone: http://www.bpsolutions.com.br
O15 - ESC Trusted Zone: http://www.cis.com.br
O15 - ESC Trusted Zone: http://support.dell.com
O15 - ESC Trusted Zone: http://www.dlink.com.tw
O15 - ESC Trusted Zone: http://www.docx-converter.com
O15 - ESC Trusted Zone: http://fls.doubleclick.net
O15 - ESC Trusted Zone: http://www.downloadatoz.com
O15 - ESC Trusted Zone: http://w13.easy-share.com
O15 - ESC Trusted Zone: http://w14.easy-share.com
O15 - ESC Trusted Zone: http://www.easy-share.com
O15 - ESC Trusted Zone: http://www.firebird-conference.com
O15 - ESC Trusted Zone: http://www.golddiamondinfo.com.br
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://images.google.com.br
O15 - ESC Trusted Zone: http://maps.google.com.br
O15 - ESC Trusted Zone: http://translate.google.com.br
O15 - ESC Trusted Zone: http://www.google.com.br
O15 - ESC Trusted Zone: http://ajax.googleapis.com
O15 - ESC Trusted Zone: http://www-gm-opensocial.googleusercontent.com
O15 - ESC Trusted Zone: http://pop.grupohidromar.com.br
O15 - ESC Trusted Zone: http://webmail.grupohidromar.com.br
O15 - ESC Trusted Zone: http://www.grupohidromar.com.br
O15 - ESC Trusted Zone: http://*.grupohidromar.com.br
O15 - ESC Trusted Zone: http://www.hidromar.com.br
O15 - ESC Trusted Zone: http://h20000.www2.hp.com
O15 - ESC Trusted Zone: http://www.hxph.com.br
O15 - ESC Trusted Zone: http://www.ieaddons.com
O15 - ESC Trusted Zone: http://searchportal.information.com
O15 - ESC Trusted Zone: http://brazil.kaspersky.com
O15 - ESC Trusted Zone: http://www.kaspersky.com.br
O15 - ESC Trusted Zone: http://locamail.locaweb.com.br
O15 - ESC Trusted Zone: http://painel.locaweb.com.br
O15 - ESC Trusted Zone: http://www.locaweb.com.br
O15 - ESC Trusted Zone: http://www.megaupload.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://www.online.com.br
O15 - ESC Trusted Zone: http://www.onlinebrasil.com.br
O15 - ESC Trusted Zone: http://rs99.rapidshare.com
O15 - ESC Trusted Zone: http://www.scopus.com.br
O15 - ESC Trusted Zone: http://www.soft32.com
O15 - ESC Trusted Zone: http://www.tj.sp.gov.br
O15 - ESC Trusted Zone: http://br.sun.com
O15 - ESC Trusted Zone: http://www.superdownload.us
O15 - ESC Trusted Zone: http://searchg.symantec.com
O15 - ESC Trusted Zone: http://www.symantec.com
O15 - ESC Trusted Zone: http://shell.windows.com
O15 - ESC Trusted Zone: http://www.ziggi.com.br
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.0.80
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252691346015
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDE9EB8-27D2-42CF-B7EE-4502A93F2D21}: NameServer = 200.204.0.10,200.204.0.138,189.38.95.96,72.233.55.28
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - F:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
--
End of file - 10678 bytes


Grato desde já.
windows xp boa rede servidor win srs virus hibrida
Espírita
Espírita Cyber Highlander Registrado
9.6K Mensagens 2.1K Curtidas
#2 Por Espírita
02/05/2010 - 23:39
o Pc relativo ao log acima...Isole ele da Rede..

Faça o download do Malwarebytes:
http://majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Instale o aplicativo, atualiza-o e efetue uma verificação completa.
Quando terminar o scan., se algum "malware" foi detectado., clique em (Exibir resultado), e depois clique em (remover selecionados).
Abrirá um Relatório automatico, Copia e cole aqui.
As infecções serão enviadas para quarentena., e alguns tipos poderão exigir a reinicialização do sistema.
igoreso
igoreso Super Participante Registrado
704 Mensagens 22 Curtidas
#3 Por igoreso
03/05/2010 - 00:25
Para completar:
Faça o download do TZ-Kill e salve no desktop.
http://www.4shared.com/file/178210310/9141f48e/TZ-Kill_202.html
Reinicie o PC e clique insistentemente F8 (F5 em alguns pcs) até aparecer a tela negra do DOS, escolha a opção Modo seguro e prossiga até sistema iniciar.

- Descompacte o conteúdo da ferramenta para o desktop;
- Execute o arquivo TZ-Kill 2.0.2.exe.
- Abrirá o painel abaixo. Clique no botão Ejecutar e aguarde. É bem rápido.
imagemts8.jpg
- No final aparecerá a mensagem abaixo. Clique em OK para concluir com a ferramenta.
imagembv5.jpg
- Reinicie o computador.

Etapa 2
Plug pen drives, modens 3g etc.. no PC
*Baixe o USBFix e salve-o no desktop.
http://chiquitine.changelog.fr/UsbFix.exe
*Desative temporariamente seu antivírus
*Espete o Pendrive no PC
*Duplo clique em UsbFix
*Tecle P > [ENTER]
*Tecle 1 > [ENTER] e aguarde o término
*Remova o Pendrive
*Cole o relatório criado em C:\UsbFix.txt
observe.pngNão respondo duvidas por MP, e-mail e msn! Use o fórum!

Lord Enigm@
Lord Enigm@ Zerinho Registrado
5K Mensagens 642 Curtidas
#5 Por Lord Enigm@
03/05/2010 - 05:44
Todo o procedimento de desinfecção deverá "necessariamente" ser executado com a rede em down e em todas as máquinas concomitantemente.

Uma empresa desse porte, com esse parque, deverá ter suas diretrizes de segurança da informação redesenhadas e reaplicadas para evitar ou ao menos amenizar o impacto na recidiva.
...

"Se eu ví mais longe, é por estar de pé sobre ombros de gigantes"



.

..:

luciano veneziano
luciano vene... Novo Membro Registrado
5 Mensagens 0 Curtidas
#6 Por luciano vene...
03/05/2010 - 09:04
Muito obrigado pessoal, vou executar o procedimento ainda hoje, após o horário comercial.

Ah, como meu servidor de aplicação e BD estava travado ontem, não foi possível enviar o log do hijack do mesmo. Envio agora abaixo ok? Por favor, se puderem analisar agradeço muito.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:01:13, on 3/5/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Arquivos de programas\Panda Software\AVNT\PavSrv50.exe
C:\Arquivos de programas\Panda Software\AVNT\AVENGINE.EXE
C:\WINNT\system32\spoolsv.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\WINNT\System32\svchost.exe
C:\Arquivos de programas\FIBS 2.0.2\fibs202.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINNT\system32\hidserv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINNT\System32\llssrv.exe
C:\Arquivos de programas\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Arquivos de programas\Panda Software\AVNT\PsCtrlS.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
C:\Protheus8\bin\server\mp8srvwin.exe
C:\Arquivos de programas\Panda Software\AVNT\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Arquivos de programas\WS10 Data Server\WS10Server.exe
C:\WINNT\system32\svchost.exe
C:\ARQUIV~1\Zebedee\zebedee.exe
C:\ARQUIV~1\Acesys\AceManager 3\AM3Service.exe
C:\WINNT\system32\Dfssvc.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\WINNT\System32\dmadmin.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\Arquivos de programas\Panda Software\AVNT\PSCtrlC.exe
C:\WINNT\system32\internat.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Panda Software\AVNT\AvTask.exe
C:\Arquivos de programas\Panda Software\AVNT\Avtask.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Documents and Settings\acesys\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.0.80/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "R:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PASystemTray] "F:\Arquivos de programas\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Arquivos de programas\Panda Software\AVNT\PSCtrlC.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268305271984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268305247921
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{8686F01A-0513-4B50-97C1-A0959C0A01CD}: NameServer = 200.204.0.10,200.204.0.138,189.38.95.96,72.233.55.28
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: AceManager 3 Server Acesys (Acesys_AM3Server) - Acesys Tecnologia em Sistema ltda. - C:\ARQUIV~1\Acesys\AceManager 3\AM3Service.exe
O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Security S.L. - F:\Arquivos de programas\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Systems Management Event Manager (dcevt32) - Dell Inc. - C:\Arquivos de programas\Dell\SysMgt\dataeng\bin\dcevt32.exe
O23 - Service: Systems Management Data Manager (dcstor32) - Dell Inc. - C:\Arquivos de programas\Dell\SysMgt\dataeng\bin\dcstor32.exe
O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FIBSBackupService - Talat Dogan - C:\Arquivos de programas\FIBS 2.0.2\fibs202.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINNT\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINNT\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OM Common Services (omsad) - Unknown owner - C:\Arquivos de programas\Dell\SysMgt\oma\bin\omsad32.exe (file missing)
O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Security S.L. - F:\Arquivos de programas\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Arquivos de programas\Panda Software\AVNT\PsCtrlS.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Security, S.L. - F:\Arquivos de programas\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - F:\Arquivos de programas\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Security, S.L. - F:\Arquivos de programas\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Software\AVNT\PavSrv50.exe
O23 - Service: Protheus 8 (Protheus8Service) - Microsiga Software S/A - C:\Protheus8\bin\server\mp8srvwin.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Security - C:\Arquivos de programas\Panda Software\AVNT\PsImSvc.exe
O23 - Service: WS10 Data Server (WS10Server) - Novus Produtos Eletrônicos Ltda. - C:\Arquivos de programas\WS10 Data Server\WS10Server.exe
O23 - Service: zebedee - Unknown owner - C:\ARQUIV~1\Zebedee\zebedee.exe
--
End of file - 10267 bytes

Este abaixo é o report do startup list ,que criei pois o hijack abriu de forma diferente. Talvez ajude:

StartupList report, 3/5/2010, 08:48:40
StartupList version: 1.52.2
Started from : C:\Documents and Settings\acesys\Desktop\HiJackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Arquivos de programas\Panda Software\AVNT\PavSrv50.exe
C:\Arquivos de programas\Panda Software\AVNT\AVENGINE.EXE
C:\WINNT\system32\spoolsv.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\WINNT\System32\svchost.exe
C:\Arquivos de programas\FIBS 2.0.2\fibs202.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINNT\system32\hidserv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINNT\System32\llssrv.exe
C:\Arquivos de programas\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Arquivos de programas\Panda Software\AVNT\PsCtrlS.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe
C:\Protheus8\bin\server\mp8srvwin.exe
C:\Arquivos de programas\Panda Software\AVNT\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Arquivos de programas\WS10 Data Server\WS10Server.exe
C:\WINNT\system32\svchost.exe
C:\ARQUIV~1\Zebedee\zebedee.exe
C:\ARQUIV~1\Acesys\AceManager 3\AM3Service.exe
C:\WINNT\system32\Dfssvc.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\WINNT\System32\dmadmin.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
F:\Arquivos de programas\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\Arquivos de programas\Panda Software\AVNT\PSCtrlC.exe
C:\WINNT\system32\internat.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Panda Software\AVNT\AvTask.exe
C:\Arquivos de programas\Panda Software\AVNT\Avtask.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Documents and Settings\acesys\Desktop\HiJackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\acesys\Menu Iniciar\Programas\Inicializar]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
PRONoMgrWired = C:\Arquivos de programas\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
FIBS =
SunJavaUpdateSched = "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
LogMeIn GUI = "R:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
PASystemTray = "F:\Arquivos de programas\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
Panda Controller Client = "C:\Arquivos de programas\Panda Software\AVNT\PSCtrlC.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
internat.exe = internat.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINNT\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINNT\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINNT\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINNT\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
C:\WINNT\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor do Registro'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
G-Buster Browser Defense - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540000}
(no name) - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Bradesco_bkp.job
Delta_bkp.job
doc_bkp.job
Sigssmag_bkp.job
SyncBack Documentos.job
Users_bkp.job
{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
--------------------------------------------------
Enumerating Download Program Files:
[DirectAnimation Java Classes]
CODEBASE = file://C:\WINNT\Java\classes\dajava.cab
OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab
OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
[WUWebControl Class]
InProcServer32 = C:\WINNT\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268305271984
[MUWebControl Class]
InProcServer32 = C:\WINNT\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268305247921
[Java Plug-in 1.6.0_17]
InProcServer32 = C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
[ActiveScan 2.0 Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\as2stubie.dll
CODEBASE = http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
[Java Plug-in 1.6.0_17]
InProcServer32 = C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
[Java Plug-in 1.6.0_17]
InProcServer32 = C:\Arquivos de programas\Java\jre6\bin\npjpi160_17.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash10c.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[Performance Viewer Activex Control]
InProcServer32 = C:\WINNT\Downloaded Program Files\RACtrl.dll
CODEBASE = https://secure.logmein.com/activex/ractrl.cab?lmi=100
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINNT\System32\rnr20.dll
NameSpace #2: C:\WINNT\System32\winrnr.dll
Protocol #1: C:\WINNT\system32\msafd.dll
Protocol #2: C:\WINNT\system32\msafd.dll
Protocol #3: C:\WINNT\system32\msafd.dll
Protocol #4: C:\WINNT\system32\rsvpsp.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\msafd.dll
Protocol #7: C:\WINNT\system32\msafd.dll
Protocol #8: C:\WINNT\system32\msafd.dll
Protocol #9: C:\WINNT\system32\msafd.dll
Protocol #10: C:\WINNT\system32\msafd.dll
Protocol #11: C:\WINNT\system32\msafd.dll
Protocol #12: C:\WINNT\system32\msafd.dll
Protocol #13: C:\WINNT\system32\msafd.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
AceManager 3 Server Acesys: C:\ARQUIV~1\Acesys\AceManager 3\AM3Service.exe (autostart)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Panda AdminSecure Administration Server: "F:\Arquivos de programas\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe" (autostart)
Ambiente de suporte a redes AFD: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerta: %SystemRoot%\System32\services.exe (autostart)
Gerenciamento de aplicativo: %SystemRoot%\system32\services.exe (manual start)
Driver de mídia assíncrona RAS: System32\DRIVERS\asyncmac.sys (manual start)
Controlador de disco rígido padrão IDE/ESDI: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
Protocolo de cliente ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)
Driver de fragmento de código de áudio: System32\DRIVERS\audstub.sys (manual start)
Serviço de transferência inteligente de segundo plano: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
Localizador de computadores: %SystemRoot%\System32\services.exe (autostart)
Driver de CD-ROM: System32\DRIVERS\cdrom.sys (system)
Serviço de indexação: C:\WINNT\System32\cisvc.exe (manual start)
Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (manual start)
Systems Management Event Manager: C:\Arquivos de programas\Dell\SysMgt\dataeng\bin\dcevt32.exe (autostart)
Systems Management Data Manager: C:\Arquivos de programas\Dell\SysMgt\dataeng\bin\dcstor32.exe (autostart)
Sistema de arquivos distribuídos: %SystemRoot%\system32\Dfssvc.exe (autostart)
DfsDriver: system32\drivers\Dfs.sys (system)
Cliente DHCP: %SystemRoot%\System32\services.exe (autostart)
Driver de disco: System32\DRIVERS\disk.sys (system)
Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (autostart)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gerenciador de discos lógicos: %SystemRoot%\System32\services.exe (autostart)
Cliente DNS: %SystemRoot%\System32\services.exe (autostart)
Intel(R) PRO/1000 Network Connection Driver: system32\DRIVERS\e1000nt5.sys (manual start)
Log de eventos: %SystemRoot%\system32\services.exe (autostart)
Sistema de eventos do COM+: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)
Serviço de fax: %systemroot%\system32\faxsvc.exe (manual start)
Driver de controlador de disquete: System32\DRIVERS\fdc.sys (manual start)
FIBSBackupService: C:\Arquivos de programas\FIBS 2.0.2\fibs202.exe (autostart)
Firebird Server - DefaultInstance: C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fb_inet_server.exe -s (autostart)
Driver de disquete: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
FXDrv32: \??\D:\FXDrv32.sys (manual start)
Gbp Service: C:\Arquivos de programas\GbPlugin\GbpSv.exe (autostart)
getPlus(R) Helper: %SystemRoot%\System32\svchost.exe -k getPlusHelper (manual start)
Classificador genérico de pacotes: System32\DRIVERS\msgpc.sys (manual start)
hardlock: \??\C:\WINNT\system32\drivers\hardlock.sys (autostart)
Haspnt: \??\C:\WINNT\system32\drivers\Haspnt.sys (autostart)
HID Input Service: %SystemRoot%\system32\hidserv.exe (autostart)
Driver de classe HID da Microsoft: System32\DRIVERS\hidusb.sys (autostart)
HP Port Resolver: C:\WINNT\system32\spool\drivers\w32x86\3\HPBPRO.EXE (manual start)
HP Status Server: C:\WINNT\system32\spool\drivers\w32x86\3\HPBOID.EXE (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (manual start)
Serviço de administração do IIS: C:\WINNT\System32\inetsrv\inetinfo.exe (autostart)
Driver de filtro de tráfego IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Driver de encapsulamento IP em IP: System32\DRIVERS\ipinip.sys (manual start)
Conversor de endereços de rede IP: System32\DRIVERS\ipnat.sys (manual start)
Driver IPSEC: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Mensagens entre sites: %SystemRoot%\System32\ismserv.exe (disabled)
Java Quick Starter: "C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Centro de distribuição de chaves Kerberos: %SystemRoot%\System32\lsass.exe (disabled)
Servidor: %SystemRoot%\System32\services.exe (autostart)
Estação de trabalho: %SystemRoot%\System32\services.exe (autostart)
Serviço de registro de licenças: %SystemRoot%\System32\llssrv.exe (autostart)
Serviço auxiliar NetBIOS TCP/IP: %SystemRoot%\System32\services.exe (autostart)
LogMeIn Kernel Information Provider: \??\R:\Arquivos de programas\LogMeIn\x86\RaInfo.sys (autostart)
lmimirr: system32\DRIVERS\lmimirr.sys (manual start)
LogMeIn Remote File System Driver: \??\C:\WINNT\system32\drivers\LMIRfsDriver.sys (autostart)
NDIS5 Miniport Driver for D-Link PCI Express Ethernet Controller: system32\DRIVERS\m4cxw2k.sys (manual start)
Mensageiro: %SystemRoot%\System32\services.exe (autostart)
mirrorv3: system32\DRIVERS\rminiv3.sys (manual start)
Compartilhamento remoto da área de trabalho do NetMeeting: C:\WINNT\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (autostart)
Serviço de publicação FTP: C:\WINNT\system32\inetsrv\inetinfo.exe (autostart)
Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start)
Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)
MSSQL$PADMINISTRATOR: C:\Arquivos de programas\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe -sPADMINISTRATOR (autostart)
MSSQLServerADHelper: C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (manual start)
Driver TAPI NDIS de acesso remoto: System32\DRIVERS\ndistapi.sys (manual start)
Protocolo de modo de usuário E/S em dispositivos NDIS: System32\DRIVERS\ndisuio.sys (manual start)
Driver de rede remota NDIS de acesso remoto: System32\DRIVERS\ndiswan.sys (manual start)
Interface NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBios em Tcpip: System32\DRIVERS\netbt.sys (system)
DDE de rede: %SystemRoot%\system32\netdde.exe (manual start)
DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Logon de rede: %SystemRoot%\System32\lsass.exe (manual start)
Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe (manual start)
Driver de monitor de rede: System32\DRIVERS\NMnt.sys (manual start)
Duplicação de arquivo: %SystemRoot%\system32\ntfrs.exe (manual start)
Fornecedor de suporte de segurança NT LM: %SystemRoot%\System32\lsass.exe (manual start)
Armazenamento removível: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver de filtro de tráfego IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Driver encaminhador de tráfego IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
OM Common Services: C:\Arquivos de programas\Dell\SysMgt\oma\bin\omsad32.exe (autostart)
Office Source Engine: C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Panda AdminSecure Distribution Server: "F:\Arquivos de programas\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe" (autostart)
Panda Software Controller: "C:\Arquivos de programas\Panda Software\AVNT\PsCtrlS.exe" (autostart)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
Panda AdminSecure Communications Agent: "F:\Arquivos de programas\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe" (autostart)
Panda AdminSecure Scheduler: "F:\Arquivos de programas\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe" (autostart)
pavboot: system32\drivers\pavboot.sys (system)
Panda Anti-virus Driver: System32\Drivers\PavDrv50.sys (autostart)
Panda Process Protection Driver: \??\C:\WINNT\system32\DRIVERS\PavProc.sys (autostart)
Panda Process Protection Service: "C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe" (autostart)
Panda Antivirus Report Service: "F:\Arquivos de programas\Panda Software\Panda Administrator 3\PavReport\PavReport.exe" (manual start)
Panda Antivirus Service: C:\Arquivos de programas\Panda Software\AVNT\PavSrv50.exe (autostart)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Agente de diretiva IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
PORTACCESSOR: \??\C:\Arquivos de programas\Dell\SysMgt\oldiags\packages\PORTACCESSOR.sys (manual start)
Miniporta de rede remota (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Armazenamento protegido: %SystemRoot%\system32\services.exe (autostart)
Protheus 8: C:\Protheus8\bin\server\mp8srvwin.exe (autostart)
Panda IManager Service: C:\Arquivos de programas\Panda Software\AVNT\PsImSvc.exe (autostart)
Driver de link paralelo direto: System32\DRIVERS\ptilink.sys (manual start)
Driver de conexão automática de acesso remoto: System32\DRIVERS\rasacd.sys (system)
Gerenciador de conexão de acesso remoto automático: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Miniporta de rede remota (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Gerenciador de conexão de acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Paralelo direto: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Driver do redirecionador de dispositivo do Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)
Driver de filtro de reprodução de áudio digital de CD: System32\DRIVERS\redbook.sys (system)
Roteamento e acesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Serviço de registro remoto: %SystemRoot%\system32\regsvc.exe (autostart)
Alocador Remote Procedure Call (RPC): %SystemRoot%\System32\locator.exe (manual start)
Chama de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)
Ajuda do cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)
Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)
Agendador de tarefas: %SystemRoot%\system32\MSTask.exe (autostart)
Serviço RunAs: %SystemRoot%\system32\services.exe (autostart)
Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Compartilhamento de conexões à Internet: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Panda File Shield Driver: System32\DRIVERS\ShldDrv.sys (system)
Simple Mail Transport Protocol (SMTP): C:\WINNT\System32\inetsrv\inetinfo.exe (autostart)
Serviço SNMP: %SystemRoot%\System32\snmp.exe (autostart)
Serviço de traps SNMP: %SystemRoot%\System32\snmptrap.exe (manual start)
Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)
Driver do utilitário de propósito especial: \SystemRoot\System32\drivers\spud.sys (manual start)
SQLAgent$PADMINISTRATOR: C:\Arquivos de programas\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlagent.EXE -i PADMINISTRATOR (manual start)
Srv: System32\DRIVERS\srv.sys (manual start)
SSHNAS: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
symmpi: system32\drivers\symmpi.sys (system)
Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonia: %SystemRoot%\System32\svchost.exe -k tapisrv (manual start)
Driver de protocolo TCP/IP: System32\DRIVERS\tcpip.sys (system)
Driver de dispositivo de terminal: \SystemRoot\System32\drivers\termdd.sys (autostart)
Serviços de terminal: %SystemRoot%\System32\termsrv.exe (autostart)
Telnet: %SystemRoot%\system32\tlntsvr.exe (autostart)
Servidor de rastreamento de link distribuído: %SystemRoot%\system32\services.exe (manual start)
Cliente de rastreamento de link distribuído: %SystemRoot%\system32\services.exe (autostart)
Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Suporte a hub raiz USB 2.0: System32\DRIVERS\usbhub20.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Gerenciador de utilitários: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Horário do Windows: %SystemRoot%\System32\services.exe (manual start)
Serviço de publicação na World Wide Web: C:\WINNT\System32\inetsrv\inetinfo.exe (autostart)
Driver ARP IP de acesso remoto: System32\DRIVERS\wanarp.sys (manual start)
Testador de instrumentação de gerenciamento do Windows: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\system32\Services.exe (manual start)
WS10 Data Server: "C:\Arquivos de programas\WS10 Data Server\WS10Server.exe" (autostart)
Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Atualizações Automáticas: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Configuração sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
zebedee: "C:\ARQUIV~1\Zebedee\zebedee.exe" -f "c:\arquiv~1\zebedee\ServerFirebird.zbd" -Srun (autostart)

--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 35.760 bytes
Report generated in 0,234 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Um abraço.

Grato, desde já.
© 1999-2024 Hardware.com.br. Todos os direitos reservados.
Imagem do Modal