[Resolvido!] Não consigo usar o kaspersky on line

Ionara · Maio 3, 2009

Olá esse pc me mata, está lento quando vai finalizar dá a mensagem que o auto complete está finalizando aí trava, acabo tendo de resetar.

Para completar estou tentando dar um kaspersky on line e simplesmente quando tento clicar na "lupa" a página fecha automaticamente (isso aconteceu várias vezes), mesmo com o avast e fire wall desativados...

O que vou fazer?

O avast não detecta nenhum vírus...

DigRam · Maio 4, 2009

Olá esse pc me mata, está lento quando vai finalizar dá a mensagem que o auto complete está finalizando aí trava, acabo tendo de resetar.
Para completar estou tentando dar um kaspersky on line e simplesmente quando tento clicar na "lupa" a página fecha automaticamente (isso aconteceu várias vezes), mesmo com o avast e fire wall desativados...

O que vou fazer?

O avast não detecta nenhum vírus...

<><><><><><><><><>

Opa! Ionara

<!> Poste o log do HijackThis,segundo este Tutorial:

< Regra Nº 02 - Utilizando O Hijackthis - LEIA ANTES DE POSTAR! >

Abraços!

Ionara · Maio 4, 2009

Desculpe aí esqueci do log,

segue agora...

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 13:17:25, on 4/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\ARQUIV~1\borland\INTERB~1\Bin\ibguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\borland\INTERB~1\Bin\ibserver.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\user\Meus documentos\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C46AAA5-817B-4C81-9278-5901EA48DFED}: NameServer = 192.168.6.254 200.180.39.132

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\ARQUIV~1\borland\INTERB~1\Bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\ARQUIV~1\borland\INTERB~1\Bin\ibserver.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

DigRam · Maio 5, 2009

Bom Dia! Ionara

<@> Baixe: < avz4en.zip > ou < avz_antiviral_toolkit >

<@> Salve-o em Arquivos de programas,e descompacte-o aí mesmo!

<@> Abra a pasta avz4 e execute o aplicativo,com um duplo-clique. <-- Ícone escudo e espada!

<@> Conecte-se à Internet,e atualize o Toolkit. --> "File" --> "Database Update". < >

<@> Terminando,não faça ainda nenhuma verificação.

<@> Na aba "Search range",marque todas as caixinhas.

<@> Em "File types",marque o botão "All files".

<@> Em "Actions",marque: "Perform healing"

<@> Nos campos,abaixo de "Perform healing",escolha "Report only",para todos os ítens.

<@> Abaixo de "RiskWare",marque a caixa "Copy suspicious files to Quarantine". <-- Somente esta caixa!

<@> No menu "Search parameters",maximize o ajuste "Heuristic analyses".

<@> Marque a caixa "Extended analysis". <-- Somente esta caixa!

<@> Por default,não desmarque as que estão assinaladas!

<@> Feche os programas que estejam abertos,e rode a ferramenta! <-- Clique em Start.

<@> Terminando o scan,clique no ícone "Save log",para dispormos do relatório. ( avz_log )

<@> Clique,também,no ícone dos "óculos".

<@> Clique em "Save as CSV".

<@> Salve,este relatório,no desktop! <-- Formato de texto. ( *.txt )

<@> Nomeie-o como: view_log

<@> Copie e poste: avz_log.txt + view_log.txt,na sua resposta.

Abraços!

Ionara · Maio 6, 2009

Boa Noite

Oi DigRam

Segue os logs

AVZ log

C:\WINDOWS\System32\Drivers\aswSP.SYS 4 Kernel-mode hook

C:\ARQUIV~1\DAP\dapie.dll 3 HSC: suspicion for Adware.SpeedBit

________________________________________________________________________________

______________________________

AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 5/5/2009 23:03:51

Database loaded: signatures - 222011, NN profile(s) - 2, microprograms of healing - 56, signature database released 05.05.2009 22:15

Heuristic microprograms loaded: 372

SPV microprograms loaded: 9

Digital signatures of system files loaded: 110648

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=0846E0)

Kernel ntkrnlpa.exe found in memory at address 804D7000

SDT = 8055B6E0

KiST = 80503960 (284)

Function NtClose (19) intercepted (805BAF70->F605D6B8), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtCreateKey (29) intercepted (8062212E->F605D574), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtDeleteValueKey (41) intercepted (8062278E->F605DA52), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtDuplicateObject (44) intercepted (805BC94C->F605D14C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtOpenKey (77) intercepted (806234C4->F605D64E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtOpenProcess (7A) intercepted (805C9D0A->F605D08C), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtOpenThread (80) intercepted (805C9F96->F605D0F0), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtQueryValueKey (B1) intercepted (806201E8->F605D76E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtRestoreKey (CC) intercepted (80620536->F605D72E), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Function NtSetValueKey (F7) intercepted (806207EE->F605D8AE), hook C:\WINDOWS\System32\Drivers\aswSP.SYS, driver recognized as trusted

Functions checked: 284, intercepted: 10, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Analysis for CPU 2

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

Checking - complete

2. Scanning memory

Number of processes found: 45

Analyzer: process under analysis is 1260 C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 1308 C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

[ES]:Contains network functionality

[ES]:Registered in autoruns !!

[ES]:Loads RASAPI DLL - may use dialing ?

>>> The real size is supposed to be = 3100672

Analyzer: process under analysis is 1344 C:\Arquivos de programas\Ares\Ares.exe

[ES]:Contains network functionality

[ES]:Listens on TCP ports !

[ES]:Application has no visible windows

[ES]:EXE runtime packer ?

[ES]:Registered in autoruns !!

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer: process under analysis is 1524 C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer: process under analysis is 264 C:\ARQUIV~1\borland\INTERB~1\Bin\ibguard.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Number of modules loaded: 426

Scanning memory - complete

3. Scanning disks

Direct reading C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db

Direct reading C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\selfdef.log

Direct reading C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Ahead\Nero Home\bl.db

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Ahead\Nero Home\is2.db

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Ahead\Nero Home\is2.db-journal

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Google\Quick Search Box\cache.db

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Google\Quick Search Box\main.db

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Google\Quick Search Box\ranking.db

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Messenger\josi3209@hotmail.com\SharingMetadata\Logs\Dfsr00005.log

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Messenger\josi3209@hotmail.com\SharingMetadata\Working\database_D00C_B432_CB4_1606\dfsr.db

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Messenger\josi3209@hotmail.com\SharingMetadata\Working\database_D00C_B432_CB4_1606\fsr.log

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Messenger\josi3209@hotmail.com\SharingMetadata\Working\database_D00C_B432_CB4_1606\fsrtmp.log

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Messenger\josi3209@hotmail.com\SharingMetadata\Working\database_D00C_B432_CB4_1606\tmp.edb

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\josi3209@hotmail.com\real\members.stg

Direct reading C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\josi3209@hotmail.com\shadow\members.stg

Direct reading C:\Documents and Settings\user\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\user\Configurações locais\temp\GoogleQuickSearchBox.log

Direct reading C:\Documents and Settings\user\Configurações locais\temp\~DF277E.tmp

Direct reading C:\Documents and Settings\user\Configurações locais\temp\~DF32E9.tmp

Direct reading C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\user\Cookies\index.dat

Direct reading C:\Documents and Settings\user\ntuser.dat

Direct reading C:\System Volume Information\_restore{53EBDC10-2AB9-4F28-813F-C09A8DA926E8}\RP55\change.log

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

Direct reading C:\WINDOWS\system32\CatRoot2\edb.log

Direct reading C:\WINDOWS\system32\CatRoot2\tmp.edb

Direct reading C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Direct reading C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

Direct reading C:\WINDOWS\system32\config\Antivirus.Evt

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\default

Direct reading C:\WINDOWS\system32\config\Internet.evt

Direct reading C:\WINDOWS\system32\config\ODiag.evt

Direct reading C:\WINDOWS\system32\config\OSession.evt

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\system

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Direct reading C:\WINDOWS\Temp\Perflib_Perfdata_424.dat

Direct reading C:\WINDOWS\WindowsUpdate.log

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

>>> C:\ARQUIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit

File quarantined succesfully (C:\ARQUIV~1\DAP\dapie.dll)

>>> C:\ARQUIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking - complete

9. Troubleshooting wizard

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 201868, extracted from archives: 115406, malicious software found 0, suspicions - 0

Scanning finished at 5/5/2009 23:44:59

Time of scanning: 00:41:10

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

DigRam · Maio 6, 2009

Bom Dia! Ionara

<@> Vá a este link,e baixe: < Malwarebytes >

<@> Atualize o programa!

<@> Escolha o escaneamento Completo!

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

<@> Para maiores detalhes: < Link >

<><><><><><><><><><>

<@> Poste: mbam-log-2009-xx-xx (00-00-00).txt <--

Abraços!

Ionara · Maio 6, 2009

Boa Noite DigRam

Segue o log

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 2085

Windows 5.1.2600 Service Pack 2

6/5/2009 20:37:45

mbam-log-2009-05-06 (20-37-45).txt

Tipo de Verificação: Completa (A:\|C:\|D:\|)

Objetos verificados: 166775

Tempo decorrido: 40 minute(s), 55 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

Oi DigRam,

tentei passar o kaspersky on line e aconteceu a mesma coisa, a página do internet explorer se

fecha imediatamente ao se clicar na lupa....

Ionara

DigRam · Maio 7, 2009

Boa Noite! Ionara

<!> O problema não está associado à malwares,e certamente,uma mudança nos softwares melhoraria o PC.

<><><><><><><><><><><>

<@> Desinstale:

<!> C:\Arquivos de programas\Alwil Software\Avast4 <-- <3>

<!> C:\Arquivos de programas\Google <-- <4>

<!> C:\Arquivos de programas\Nero <-- <5>

<!> C:\ARQUIV~1\borland <-- <6>

<!> C:\ARQUIV~1\DAP <-- <2>

<!> G-Buster Browser Defense <-- <1> ( Para este,aguarde orientação! )

<@> Posteriormente,faça a reinstalação do que achar necessário.

<><><><><><><><><><><>

<@> Baixe: < DDS > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite seus programas de proteção: antivírus,antimalware,antispyware ou firewall.

<@> Estando desconectado,execute a ferramenta! --> Duplo clique em dds.scr.

<@> Aguarde o término do scan,até obtermos o relatório. ( DDS.txt ) <--

<@> Surgirá,também,uma nova janela: "D.D.S - Optional_Scan" --> Clique em Sim.

<@> O Bloco de Notas irá abrir,com outro relatório. ( Attach.txt ) <--

<@> Ps: Caso o relatório seja incompreensível,renomeie o executável para DDS.exe e repita o scan.

<@> Outra janela,finalmente,abrir-se-à! --> Clique em OK.

<@> Salve os relatórios: DDS.txt + Attach.txt <-- Poste-os!

Abraços!

Ionara · Maio 8, 2009

:cry: Olá DigRAm,

Iniciei as orientações, consegui desinstalar todos menos o borland que aparecia a mensagem ibguard. exe acesso negado.

Prossegui instalei novamente o avast e na hora do download do DDS só da erro não entra a página de jeito nenhum.

E agora?

Ionara

DigRam · Maio 8, 2009

:cry: Olá DigRAm,

Iniciei as orientações, consegui desinstalar todos menos o borland que aparecia a mensagem ibguard. exe acesso negado.

Prossegui instalei novamente o avast e na hora do download do DDS só da erro não entra a página de jeito nenhum.

E agora?

Ionara

<><><><><><><><><>

Opa! Ionara

<!> Substitua pelo RSIT.

<><><><><><><><><>

<@> Baixe: < RSIT > ( ...by random/random )

<@> Salve-o,diretamente,no Disco Local ( C ).

<@> Dê um duplo clique em RSIT.exe,para executar a ferramenta.

<@> Na janela que abrir,disclamer,clique em "Continue".

<@> Aguarde a conclusão de "Running HijackThis". <-- Pseudo!

<@> Terminando,abrir-se-à o Bloco de Notas com o relatório: log.txt <-- Relatório para postagem!

<@> Poste,também,na sua resposta: info.txt,que estará em C:\rsit\info.txt <--

Abraços!

Ionara · Maio 8, 2009

Olá DigRam,

seguem os logs....

Logfile of random's system information tool 1.06 (written by random/random)

Run by user at 2009-05-08 17:36:04

Microsoft Windows XP Professional Service Pack 2

System drive C: has 17 GB (23%) free of 76 GB

Total RAM: 511 MB (41% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60270dc7-9ea0-472f-9b77-66652c06246e}]

SpeedBitPlus Toolbar - C:\Arquivos de programas\SpeedBitPlus\tbSpee.dll [2008-06-04 1542168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-01-27 404032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

DAPIELoader Class - C:\ARQUIV~1\DAP\DAPIEL~1.DLL [2009-05-07 140880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{60270dc7-9ea0-472f-9b77-66652c06246e} - SpeedBitPlus Toolbar - C:\Arquivos de programas\SpeedBitPlus\tbSpee.dll [2008-06-04 1542168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

"D-Link AirPlus G"=C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe [2005-07-22 1519616]

"ANIWZCS2Service"=C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]

"AudioDeck"=C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe [2006-09-05 540672]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

"Adobe Photo Downloader"=C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"ares"=C:\Arquivos de programas\Ares\Ares.exe [2007-07-16 961536]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe []

"MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"DownloadAccelerator"=C:\Arquivos de programas\DAP\DAP.EXE [2009-05-07 2807296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

C:\WINDOWS\vsnp2std.exe [2006-09-15 675840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]

C:\WINDOWS\tsnp2std.exe [2006-11-02 258048]

C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-01-27 404032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"C:\Arquivos de programas\DAP\DAP.exe"="C:\Arquivos de programas\DAP\DAP.exe:*:Enabled:Download Accelerator Plus"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Microsoft Games\Age of Empires III\age3.exe"="C:\Arquivos de programas\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"

"C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-11-28 12:26:35 ----D---- C:\Arquivos de programas\Rockstar Games

2009-05-08 17:36:05 ----D---- C:\Arquivos de programas\trend micro

2009-05-08 17:36:04 ----D---- C:\rsit

2009-05-07 20:34:22 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-05-07 20:34:19 ----D---- C:\Arquivos de programas\Alwil Software

2009-05-07 20:06:50 ----A---- C:\Arquivos de programas\setuppor.exe

2009-05-07 19:21:41 ----D---- C:\Arquivos de programas\Conduit

2009-05-07 19:21:39 ----D---- C:\Arquivos de programas\SpeedBitPlus

2009-05-07 19:21:37 ----A---- C:\WINDOWS\system32\wbhelp2.dll

2009-05-07 19:21:36 ----D---- C:\Arquivos de programas\DAP

2009-05-07 19:20:51 ----A---- C:\Arquivos de programas\dap9.exe

2009-05-05 22:54:52 ----D---- C:\Arquivos de programas\avz4

2009-04-29 20:36:05 ----D---- C:\WINDOWS\system32\KB905474

2009-04-19 15:23:21 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-04-15 21:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2009-04-15 21:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$

2009-04-15 21:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2009-04-15 21:23:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2009-04-15 21:22:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2009-04-15 21:22:40 ----A---- C:\WINDOWS\imsins.BAK

2009-04-15 21:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 1 months======

2009-11-28 18:59:06 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2009-11-28 18:55:21 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-11-28 16:38:46 ----D---- C:\Arquivos de programas\Windows Live Toolbar

2009-11-28 16:31:01 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip

2009-05-08 17:36:12 ----D---- C:\WINDOWS\Prefetch

2009-05-08 17:36:05 ----RD---- C:\Arquivos de programas

2009-05-08 16:59:43 ----D---- C:\WINDOWS\Temp

2009-05-08 16:58:09 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-05-08 13:04:39 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-05-07 22:36:37 ----A---- C:\WINDOWS\win.ini

2009-05-07 20:34:42 ----AD---- C:\WINDOWS\system32\drivers

2009-05-07 20:34:39 ----D---- C:\WINDOWS\system32

2009-05-07 19:21:49 ----D---- C:\Arquivos de programas\Mozilla Firefox

2009-05-07 19:21:42 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

2009-05-07 18:53:44 ----SHD---- C:\WINDOWS\Installer

2009-05-07 18:53:15 ----SHD---- C:\Config.Msi

2009-05-07 18:49:56 ----D---- C:\WINDOWS

2009-05-07 18:43:36 ----D---- C:\Arquivos de programas\Arquivos comuns\Ahead

2009-05-06 18:40:57 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-05-06 00:03:49 ----D---- C:\WINDOWS\system32\CatRoot2

2009-05-04 18:08:22 ----A---- C:\WINDOWS\NeroDigital.ini

2009-04-29 20:36:05 ----SD---- C:\WINDOWS\Tasks

2009-04-28 19:30:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2009-04-19 16:06:09 ----D---- C:\WINDOWS\system32\config

2009-04-19 16:05:50 ----D---- C:\WINDOWS\system32\wbem

2009-04-19 16:05:49 ----D---- C:\WINDOWS\Registration

2009-04-19 16:02:30 ----D---- C:\Arquivos de programas\Yahoo!

2009-04-19 15:19:13 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-04-15 21:34:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-04-15 21:29:37 ----D---- C:\WINDOWS\AppPatch

2009-04-15 21:26:36 ----HD---- C:\WINDOWS\inf

2009-04-15 21:26:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-04-15 21:26:09 ----D---- C:\WINDOWS\system32\pt-br

2009-04-15 21:26:09 ----D---- C:\Arquivos de programas\Internet Explorer

2009-04-15 21:25:59 ----D---- C:\WINDOWS\ie7updates

2009-04-15 21:24:20 ----D---- C:\WINDOWS\Debug

2009-04-15 21:23:49 ----HD---- C:\WINDOWS\$hf_mig$

2009-04-10 12:14:48 ----D---- C:\Arquivos de programas\GbPlugin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]

R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-06-04 319104]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-11-08 12006784]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-08-10 204672]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 InterBaseGuardian;InterBase Guardian; C:\ARQUIV~1\borland\INTERB~1\Bin\ibguard.exe [2002-01-30 22016]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

R3 InterBaseServer;InterBase Server; C:\ARQUIV~1\borland\INTERB~1\Bin\ibserver.exe [2002-01-30 1704448]

R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S2 ANIWZCSdService;ANIWZCSd Service; C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]

S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe []

S3 AresChatServer;Ares Chatroom server; C:\Arquivos de programas\Ares\chatServer.exe [2007-03-19 263168]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

S3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe []

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-05-08 17:36:26

======Uninstall list======

-->C:\Arquivos de programas\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0416 -removeonly

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.3 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}

Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}

Age of Empires III-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{FABB02D6-A7FD-4845-A6FA-60C565516712}

AirPlus G-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0EA44599-1E9D-4517-A088-9588A9FAB211} /l2070

ANIO Service-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"

ANIWZCS2 Service-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"

Ares 2.0.9-->"C:\Arquivos de programas\Ares\uninstall.exe"

Ashampoo Internet Accelerator 2-->"C:\Arquivos de programas\Ashampoo\Ashampoo Internet Accelerator 2\unins000.exe"

Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}

Atualização de Segurança para o Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Atualização para Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Atualização para Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Atualização para Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Atualização para Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Atualização para Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Atualização para Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Atualização para Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Atualização para Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Atualização para Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Atualização para Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Atualização para Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Atualização para Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Atualização para Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Atualização para Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

doPDF 6.1 printer-->"C:\Arquivos de programas\Softland\doPDF 6\unins000.exe"

Download Accelerator Plus (DAP)-->C:\ARQUIV~1\DAP\DAPREMOVE.EXE

EA SPORTS online 2008-->C:\Arquivos de programas\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe

eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe"

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

GOM Player-->"C:\Arquivos de programas\GRETECH\GomPlayer\Uninstall.exe"

GTA San Andreas-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0xa -removeonly

HijackThis 1.99.1-->C:\Documents and Settings\user\Meus documentos\HijackThis\HijackThis.exe /uninstall

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

InterBase 6.0-->C:\ARQUIV~1\borland\INTERB~1\UNWISE.EXE C:\ARQUIV~1\borland\INTERB~1\INSTIB6.LOG

IRPF2008 - Declaração de Ajuste Anual-->C:\ARQUIV~1\PROGRA~1\IRPF2008\UNWISE.EXE C:\ARQUIV~1\PROGRA~1\IRPF2008\INSTALL.LOG

IRPF2009 - Declaração de Ajuste Anual e Final de Espólio-->C:\ARQUIV~2\IRPF2009\UNWISE.EXE C:\ARQUIV~2\IRPF2009\INSTALL.LOG

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

K-Lite Mega Codec Pack 4.1.7-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

LG USB Modem driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0xa -removeonly

LG_MobileSync-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}\setup.exe" -l0x416 -removeonly

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Age of Empires II: The Conquerors Expansion Trial-->"C:\Arquivos de programas\Microsoft Games\Age of Empires II The Conquerors Expansion Trial\UNINSTALL.EXE" /runtemp /addremove

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Mozilla Firefox (3.0.8)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Need for Speed™ Most Wanted-->C:\Arquivos de programas\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

Picture Package Music Transfer-->C:\Arquivos de programas\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0416 -removeonly

QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

Receitanet Java 2009.01-->C:\ARQUIV~1\PROGRA~1\RECEIT~1\DesinstJ.exe

Scooby-Doo - O Cavaleiro Fantasma-->C:\WINDOWS\IsUn0416.exe -f"C:\Arquivos de programas\The Learning Company\Scooby-Doo - O Cavaleiro Fantasma\Uninst.isu"

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}

Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Serif PhotoPlus 6.0-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9

Sharko-->MsiExec.exe /I{955AF706-48B2-42E1-BF1F-CFE50B8D701F}

SIFAB 3.0.1-->C:\SIFAB30\unins000.exe

Sony Picture Utility-->C:\Arquivos de programas\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0416 uninstall -removeonly

SpeedBitPlus Toolbar-->C:\ARQUIV~1\SPEEDB~1\UNWISE.EXE C:\ARQUIV~1\SPEEDB~1\INSTALL.LOG

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}

USB2.0 PC Camera (SN9C201&202)-->C:\Arquivos de programas\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0416 -removeonly -u

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VIA Gerenciador de dispositivo de plataforma-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Mail-->MsiExec.exe /I{449480D4-67ED-4104-A8C0-21E08B08D592}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Media Format Runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090319-0] (disabled) (outdated)

======System event log======

Computer Name: B40D3459C7494A8

Event Code: 20159

Message: A conexão com procenter feita pelo usuário ionara, utilizando o dispositivo PPPoE6-0, foi desconectada.

Record Number: 13163

Source Name: RemoteAccess

Time Written: 20091127130413.000000-120

Event Type: Informações

User:

Computer Name: B40D3459C7494A8

Event Code: 7036

Message: O serviço Google Updater Service entrou no estado interrompido.

Record Number: 13162

Source Name: Service Control Manager

Time Written: 20091127123635.000000-120

Event Type: Informações

User:

Computer Name: B40D3459C7494A8

Event Code: 7036

Message: O serviço Google Updater Service entrou no estado executando.

Record Number: 13161

Source Name: Service Control Manager

Time Written: 20091127123436.000000-120

Event Type: Informações

User:

Computer Name: B40D3459C7494A8

Event Code: 7035

Message: O serviço Google Updater Service recebeu com êxito um controle Iniciar.

Record Number: 13160

Source Name: Service Control Manager

Time Written: 20091127123436.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

Computer Name: B40D3459C7494A8

Event Code: 36

Message: O serviço de tempo não pôde sincronizar a hora do sistema

para 49152 segundos porque nenhum dos provedores pôde

fornecer um carimbo de data/hora utilizável. O relógio do sistema não está sincronizado.

Record Number: 13159

Source Name: W32Time

Time Written: 20091127120946.000000-120

Event Type: aviso

User:

=====Application event log=====

Computer Name: B40D3459C7494A8

Event Code: 105

Message: The service was started.

Record Number: 5

Source Name: PLFlash DeviceIoControl Service

Time Written: 20090304172609.000000-180

Event Type: Informações

User:

Computer Name: B40D3459C7494A8

Event Code: 1000

Message: Aplicativo com falha gta_sa.exe, versão 0.0.0.0, módulo com falha gta_sa.exe, versão 0.0.0.0, endereço com falha 0x00346929.

Record Number: 4

Source Name: Application Error

Time Written: 20090304091413.000000-180

Event Type: Erro

User:

Computer Name: B40D3459C7494A8

Event Code: 251

Message:

Record Number: 3

Source Name: InterBase Guardian

Time Written: 20090304091356.000000-180

Event Type: Informações

User:

Computer Name: B40D3459C7494A8

Event Code: 1800

Message: O Serviço da Central de Segurança do Windows foi iniciado.

Record Number: 2

Source Name: SecurityCenter

Time Written: 20090304091351.000000-180

Event Type: Informações

User:

Computer Name: B40D3459C7494A8

Event Code: 105

Message: The service was started.

Record Number: 1

Source Name: PLFlash DeviceIoControl Service

Time Written: 20090304091336.000000-180

Event Type: Informações

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=040a

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

DigRam · Maio 9, 2009

Boa Tarde! Ionara

<!> Desinstale:

<!> C:\Arquivos de programas\Ashampoo\Ashampoo Internet Accelerator 2 <-- <7>

<!> C:\ARQUIV~1\DAP <-- <2>

<!> C:\Arquivos de programas\Java\jre1.6.0_07 <-- <8>

<><><><><><><><><><><>

<@> Baixe: < OTMoveIt3 > ( ...by OldTimer Tools )

<@> Salve-o no desktop e,execute-o aí mesmo!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

:Services

InterBaseGuardian

InterBaseServer

:Files

C:\ARQUIV~1\borland\INTERB~1\Bin\ibserver.exe

C:\ARQUIV~1\borland\INTERB~1\Bin\ibguard.exe

C:\ARQUIV~1\PROGRA~1\IRPF2008\INSTALL.LOG

C:\ARQUIV~1\borland\INTERB~1\INSTIB6.LOG

C:\ARQUIV~1\PROGRA~1\IRPF2008\UNWISE.EXE

C:\ARQUIV~1\borland\INTERB~1\UNWISE.EXE

C:\ARQUIV~1\borland\INTERB~1\Bin

C:\ARQUIV~1\PROGRA~1\IRPF2008

C:\ARQUIV~1\borland\INTERB~1

C:\ARQUIV~1\borland

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copie e cole estas informações,entre os XXXXX...,para o campo ( clipboard ),da ferramenta.

<@> Ps: Área abaixo de "Paste Instructions for Items to be Moved".

<@> Clique em MoveIt.

<@> Na solicitação de reboot,confirme!

<@> Terminando,verifique o conteúdo texto da pasta: C:\_OTMoveIt\MovedFiles

<@> Copie e poste,seu relatório mais recente: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--

<@> Ps: Como a ferramenta não sobreescreve seus relatórios,devemos observar o que foi gerado logo após sua execução.

<@> Poste,também,HijackThis atualizado.

Abraços!

Ionara · Maio 9, 2009

Oi DigRam,

dos itens a serem excluídos consegui remover todos menos o DAP, dava a seguinte mensagem: Erro ao excluir - não é possível excluir - DAPCtxMenuShell.dll acesso negado. (tbm não consegui remover no modo de segurança.

Segue os logs:

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

Service\Driver InterBaseGuardian stopped successfully.

Service\Driver InterBaseGuardian deleted successfully.

Service\Driver InterBaseGuardian stopped successfully.

Service\Driver InterBaseServer deleted successfully.

========== FILES ==========

C:\ARQUIV~1\borland\INTERB~1\Bin\ibserver.exe moved successfully.

C:\ARQUIV~1\borland\INTERB~1\Bin\ibguard.exe moved successfully.

C:\ARQUIV~1\PROGRA~1\IRPF2008\INSTALL.LOG moved successfully.

C:\ARQUIV~1\borland\INTERB~1\INSTIB6.LOG moved successfully.

C:\ARQUIV~1\PROGRA~1\IRPF2008\UNWISE.EXE moved successfully.

C:\ARQUIV~1\borland\INTERB~1\UNWISE.EXE moved successfully.

C:\ARQUIV~1\borland\INTERB~1\Bin moved successfully.

C:\ARQUIV~1\PROGRA~1\IRPF2008\gravadas moved successfully.

C:\ARQUIV~1\PROGRA~1\IRPF2008\aplicacao\dados moved successfully.

C:\ARQUIV~1\PROGRA~1\IRPF2008\aplicacao moved successfully.

C:\ARQUIV~1\PROGRA~1\IRPF2008 moved successfully.

C:\ARQUIV~1\borland\interbase\udf moved successfully.

C:\ARQUIV~1\borland\interbase\Lib moved successfully.

C:\ARQUIV~1\borland\interbase\intl moved successfully.

C:\ARQUIV~1\borland\interbase\Include moved successfully.

C:\ARQUIV~1\borland\interbase\help moved successfully.

C:\ARQUIV~1\borland\interbase\Examples\v5 moved successfully.

C:\ARQUIV~1\borland\interbase\Examples\v4 moved successfully.

C:\ARQUIV~1\borland\interbase\Examples\v3 moved successfully.

C:\ARQUIV~1\borland\interbase\Examples moved successfully.

C:\ARQUIV~1\borland\interbase\BACKUP moved successfully.

C:\ARQUIV~1\borland\interbase moved successfully.

C:\ARQUIV~1\borland moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\K0I2HY5L\CAAP2NPACADRRA3VCA0Y2MMMCA31H1AOCAWZL7BHCAYZYK2SCA9XP9THCAVOWIAICABGCPDLCAD

QNH82CA009SQUCA58ZHLECABA5JDBCAY31CPSCAYMODB2CA9DNWI8CA2USAZMCACA01OMCAHDD8G8.htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\K0I2HY5L\index[3].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\A5AV53R0\iframe[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\0LSAWJK1\site=mebr&affiliate=meimaster&size=especiais&page=3&conntype=0&expble=0&reso=1024x768&keyword=uolhost&tile=1128750477368095[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_438.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05092009_170530

Files moved on Reboot...

C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\K0I2HY5L\CAAP2NPACADRRA3VCA0Y2MMMCA31H1AOCAWZL7BHCAYZYK2SCA9XP9THCAVOWIAICABGCPDLCAD

QNH82CA009SQUCA58ZHLECABA5JDBCAY31CPSCAYMODB2CA9DNWI8CA2USAZMCACA01OMCAHDD8G8.htm moved successfully.

C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\K0I2HY5L\index[3].htm moved successfully.

C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\A5AV53R0\iframe[1].htm moved successfully.

C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\0LSAWJK1\site=mebr&affiliate=meimaster&size=especiais&page=3&conntype=0&expble=0&reso=1024x768&keyword=uolhost&tile=1128750477368095[1].htm moved successfully.

C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

C:\WINDOWS\temp\Perflib_Perfdata_438.dat moved successfully.

________________________________________________________________________________

________________________________

Logfile of HijackThis v1.99.1

Scan saved at 17:19:40, on 9/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\user\Meus documentos\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll (file missing)

R3 - URLSearchHook: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Arquivos de programas\SpeedBitPlus\tbSpee.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Arquivos de programas\SpeedBitPlus\tbSpee.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Arquivos de programas\SpeedBitPlus\tbSpee.dll