
Archived

This topic has been archived and is closed to new replies.

Bruna Marcela

[Archived] mranjm.exe detected by USBFirewall


I have the same problem. In my case, mranjm.exe was detected by USB Firewall on both devices (camera card and pen drive) that I connected to the computer. However, I think I allowed autorun for one of those devices and I believe I ran the virus, because several strange files appeared in my user profile (such as ntuser.dat, for example). I ran ComboFix first, then UsbFix and finally Malwarebytes. The logs follow. I am anxiously awaiting your help!!!!!

Thanks,

Bruna Marcela.

COMBOFIX:

 

ComboFix 09-09-27.05 - Bruna Marcela 28/09/2009 17:54.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.55.1046.18.3002.1910 [GMT -3:00]

Executando de: c:\users\Bruna Marcela\Downloads\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2565894505-2914316380-879554357-500

c:\$recycle.bin\S-1-5-21-3375890411-3288990355-2692903690-500

c:\program files\Mx One

c:\program files\Mx One\info.ini

c:\program files\Mx One\mogtr.exe

c:\program files\Mx One\mxone.ini

c:\program files\Mx One\update.exe

c:\program files\Search Settings

c:\windows\Installer\179c9b.msi

c:\windows\Installer\1bc75.msi

c:\windows\Installer\1bc79.msi

c:\windows\Installer\1bc7d.msi

c:\windows\Installer\1bc81.msi

c:\windows\Installer\1bc85.msi

c:\windows\system32\oem7.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_.norton2009Reset

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-28 to 2009-09-28 ))))))))))))))))))))))))))))

.

 

2009-09-27 20:32 . 2009-09-27 20:32 -------- d-----w- c:\windows\system32\ca-ES

2009-09-27 20:32 . 2009-09-27 20:32 -------- d-----w- c:\windows\system32\eu-ES

2009-09-27 20:32 . 2009-09-27 20:32 -------- d-----w- c:\windows\system32\vi-VN

2009-09-27 19:46 . 2009-04-11 06:28 355328 ----a-w- c:\windows\system32\WSDApi.dll

2009-09-27 19:46 . 2009-02-18 18:39 779136 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2009-09-27 19:46 . 2009-02-18 18:39 41344 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2009-09-27 19:46 . 2009-02-18 18:39 35680 ----a-w- c:\windows\system32\TsWpfWrp.exe

2009-09-27 19:46 . 2009-02-18 18:39 323952 ----a-w- c:\windows\system32\PresentationHost.exe

2009-09-27 19:44 . 2009-04-11 06:28 867328 ----a-w- c:\windows\system32\wmpmde.dll

2009-09-27 19:43 . 2009-04-11 06:28 177664 ----a-w- c:\windows\system32\WSDMon.dll

2009-09-27 19:42 . 2009-04-11 06:28 677376 ----a-w- c:\windows\system32\imapi2fs.dll

2009-09-27 19:21 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2009-09-27 19:21 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-09-27 19:21 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-27 19:21 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-09-27 19:21 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-09-27 19:21 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll

2009-09-27 19:21 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll

2009-09-27 19:21 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

2009-09-27 18:52 . 2009-09-27 18:52 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-27 18:49 . 2009-09-27 18:50 -------- d-----w- c:\windows\system32\EventProviders

2009-09-25 13:55 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll

2009-09-24 19:03 . 2009-09-24 19:03 -------- d-----w- c:\program files\CCleaner

2009-09-24 19:02 . 2009-09-24 19:02 -------- d-----w- c:\program files\Marcos Velasco Security

2009-09-24 18:32 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-09-24 18:32 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-09-24 18:32 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-09-24 18:32 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-09-24 18:32 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-09-24 18:32 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-09-24 18:32 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-09-24 18:32 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-09-24 18:32 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-09-24 18:32 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe

2009-09-24 18:32 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll

2009-09-24 18:31 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll

2009-09-24 18:30 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-09-24 18:22 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll

2009-09-24 18:22 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-09-24 18:22 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-09-24 18:22 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2009-09-24 18:22 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll

2009-09-24 18:22 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll

2009-09-24 18:21 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-09-24 18:21 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll

2009-09-24 18:21 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-09-24 18:21 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-09-24 18:21 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-09-24 18:21 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll

2009-09-24 18:21 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll

2009-09-24 18:21 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll

2009-09-24 18:21 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe

2009-09-24 18:21 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe

2009-09-24 18:21 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll

2009-09-24 18:16 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-09-24 18:16 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-09-24 18:16 . 2009-04-11 06:28 53248 ----a-w- c:\windows\system32\tsgqec.dll

2009-09-24 18:16 . 2009-04-11 06:28 136192 ----a-w- c:\windows\system32\aaclient.dll

2009-09-24 11:36 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-24 11:36 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-24 11:36 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-24 11:36 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-24 11:36 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-24 11:35 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-24 11:35 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-21 15:08 . 2009-09-21 15:25 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Corel

2009-09-17 16:19 . 2009-09-17 16:19 -------- d-----w- c:\users\Bruna Marcela\Office Genuine Advantage

2009-09-15 18:11 . 2009-09-15 18:11 -------- d-----w- c:\users\Public\Office Genuine Advantage

2009-09-15 18:08 . 2009-09-21 17:01 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Any Video Converter

2009-09-15 18:08 . 2009-09-15 18:08 -------- d-----w- c:\program files\Any Video Converter

2009-09-15 18:03 . 2009-09-15 18:03 -------- d-----w- c:\programdata\DVD Shrink

2009-09-15 12:03 . 2009-09-15 12:03 -------- d-----w- c:\program files\VDOWNLOADER

2009-09-10 01:32 . 2009-09-10 01:32 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-08 16:21 . 2009-09-09 02:40 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\uTorrent

2009-09-07 20:33 . 2009-09-08 13:39 -------- d-----w- c:\programdata\MyVirtualHome

2009-09-07 20:33 . 2009-09-08 13:39 -------- d-----w- c:\program files\MyVirtualHome

2009-09-07 16:12 . 2009-09-09 02:41 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2009-09-07 16:12 . 2009-09-07 16:12 -------- d-----w- c:\program files\DVDVideoSoft

2009-09-05 12:46 . 2009-09-12 19:31 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\HpUpdate

2009-09-02 19:25 . 2009-09-05 12:43 -------- d-----w- c:\users\Bruna Marcela\RAMALHO - GOLDFRAPP

2009-08-31 23:53 . 2009-08-31 23:53 -------- d-----w- c:\program files\Synaptics

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-28 21:07 . 2009-06-02 07:05 634222 ----a-w- c:\windows\system32\prfh0416.dat

2009-09-28 21:07 . 2009-06-02 07:05 121888 ----a-w- c:\windows\system32\prfc0416.dat

2009-09-28 17:10 . 2009-09-28 17:10 -------- d-----w- c:\program files\Lexmark 1200 Series

2009-09-28 17:08 . 2009-07-02 19:43 106944 ----a-w- c:\users\Bruna Marcela\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration

2009-09-27 20:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery

2009-09-27 20:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender

2009-09-27 20:28 . 2009-09-27 20:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf

2009-09-27 19:35 . 2009-08-27 20:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-09-27 18:51 . 2009-06-02 04:13 -------- d-----w- c:\program files\Java

2009-09-25 13:50 . 2009-06-02 03:57 -------- d-----w- c:\programdata\Microsoft Help

2009-09-24 21:48 . 2009-08-27 20:36 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-24 18:57 . 2009-08-13 15:30 -------- d-----w- c:\program files\Windows Installer Clean Up

2009-09-24 18:56 . 2009-07-02 23:22 -------- d-----w- c:\program files\MSECache

2009-09-24 18:45 . 2009-07-06 20:23 -------- d-----w- c:\program files\Norton Internet Security

2009-09-24 11:15 . 2009-06-02 03:20 -------- d-----w- c:\programdata\Norton

2009-09-24 11:15 . 2009-06-02 03:45 -------- d-----w- c:\program files\Microsoft Works

2009-09-24 11:15 . 2009-07-06 20:24 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-09-24 11:15 . 2009-07-02 20:59 -------- d-----w- c:\program files\eMule

2009-09-24 11:14 . 2009-06-02 04:16 -------- d-----w- c:\program files\HP

2009-09-24 11:14 . 2009-06-02 04:00 -------- d-----w- c:\program files\Common Files\Adobe

2009-09-21 21:56 . 2009-08-11 02:16 6080 ----a-w- c:\users\Bruna Marcela\AppData\Local\d3d9caps.dat

2009-09-18 11:56 . 2009-07-09 03:11 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Skype

2009-09-18 11:56 . 2009-07-14 02:29 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\skypePM

2009-09-17 15:27 . 2009-09-16 14:07 -------- d-----w- c:\program files\Google

2009-09-17 14:29 . 2009-09-17 14:29 -------- d-----w- c:\programdata\Yahoo! Companion

2009-09-17 14:07 . 2009-09-17 01:49 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Nero

2009-09-17 01:32 . 2009-09-17 01:05 -------- d-----w- c:\program files\Common Files\Nero

2009-09-17 01:11 . 2009-09-17 01:05 -------- d-----w- c:\programdata\Nero

2009-09-16 19:08 . 2009-09-16 19:08 -------- d-----w- c:\program files\Yahoo!

2009-09-16 16:00 . 2009-09-16 16:00 -------- d-----w- c:\programdata\WindowsSearch

2009-09-16 14:09 . 2009-09-16 14:09 -------- d-----w- c:\program files\Common Files\Real

2009-09-16 14:09 . 2009-09-16 14:09 -------- d-----w- c:\program files\Real

2009-09-08 13:39 . 2009-06-02 03:18 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-05 13:30 . 2009-07-02 21:27 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\CyberLink

2009-08-29 00:27 . 2009-09-24 18:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-29 00:14 . 2009-09-24 18:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-13 15:10 . 2009-07-02 19:43 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\hewlett-packard

2009-08-13 15:02 . 2009-06-02 03:18 -------- d-----w- c:\programdata\Hewlett-Packard

2009-08-13 14:57 . 2009-08-13 14:55 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\muvee Technologies

2009-08-13 14:55 . 2009-08-13 14:55 -------- d-----w- c:\programdata\muvee Technologies

2009-08-13 01:16 . 2009-07-03 21:08 -------- d-----w- c:\programdata\eMule

2009-08-13 00:35 . 2009-08-12 22:12 -------- d-----w- c:\programdata\SpeedBit

2009-08-10 18:41 . 2009-08-06 14:28 -------- d-----w- c:\users\Bruna Marcela\AppData\Roaming\Free Download Manager

2009-08-05 15:55 . 2009-07-29 01:34 -------- d-----w- c:\program files\PDF Editor 2

2009-08-05 15:54 . 2009-08-04 23:55 -------- d-----w- c:\program files\Firebird 2.0

2009-08-05 13:56 . 2009-08-05 13:03 -------- d-----w- c:\programdata\Activ Software

2009-08-03 18:07 . 2009-08-03 18:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 18:07 . 2009-08-03 18:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 18:07 . 2009-08-03 18:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-21 21:52 . 2009-09-24 18:13 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-09-24 18:13 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-09-24 18:13 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-09-24 18:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-15 12:40 . 2009-09-24 18:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-07-15 12:39 . 2009-09-24 18:13 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-15 12:39 . 2009-09-24 18:13 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-07-15 12:39 . 2009-09-24 18:13 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-07-14 02:29 . 2009-07-14 02:29 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-07-06 20:24 . 2009-07-06 20:24 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-07-06 20:24 . 2009-07-06 20:24 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2009-07-04 13:28 . 2009-07-02 21:47 96 --sh--w- c:\windows\SCC21B33F.tmp

2009-07-04 13:09 . 2009-07-04 13:09 952 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-07-02 21:59 . 2009-07-02 21:59 0 ----a-w- c:\windows\nsreg.dat

2009-06-02 07:25 . 2009-06-02 07:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-09 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-09 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-09 154136]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 217088]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-26 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-27 149280]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"USBFW"="c:\program files\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):00,50,26,3c,b2,3f,ca,01

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{42C57809-5C44-43B5-88AC-512EAD322193}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{365F5476-3770-4FAB-9EDF-B7663FAABDBD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{126123D0-CD30-4B2F-8631-6B3EE67827FE}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{64356B39-8484-4C0A-AEA9-D5B679F1C7D4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{E7450822-176F-4B14-8B42-709BF0B09CA3}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{5BF755E3-784C-4D6E-B3F2-91D3937AB334}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BBD5E2FE-EE41-4BE2-A170-6F1B47426F98}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{316408B3-9E3C-425C-AD97-0B95EAF21803}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{B580332B-10A9-4235-851F-A69B914D2995}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{8AC235A2-5CE1-4D74-AA7C-C0D967E60D24}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{4A703967-7C31-49EA-A64A-90918D44CF34}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"TCP Query User{4AFFAE5E-93C7-453F-91BC-BC0FA0B31DD2}c:\\program files\\microsoft office\\office12\\winword.exe"= UDP:c:\program files\microsoft office\office12\winword.exe:Microsoft Office Word

"UDP Query User{3E86406F-B1EB-4F48-8DEF-B9410C7916C9}c:\\program files\\microsoft office\\office12\\winword.exe"= TCP:c:\program files\microsoft office\office12\winword.exe:Microsoft Office Word

"{9EEBE430-E0BA-44F1-B703-16630A5AAB3C}"= UDP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System

"{291960B9-68FB-4538-BE87-C1D07D52DDB9}"= TCP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [06/07/2009 17:24 309296]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [24/09/2009 08:36 114768]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [06/07/2009 17:24 362544]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSVix86.sys [06/07/2009 17:24 289840]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe [02/06/2009 02:32 77824]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [24/09/2009 08:36 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [24/09/2009 08:35 53328]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [02/06/2009 01:16 365952]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [24/09/2009 18:45 1153368]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [28/04/2008 22:54 54784]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [15/07/2008 05:20 112128]

R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [21/07/2008 07:53 100184]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [06/07/2009 17:24 254512]

S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [06/07/2009 17:24 115560]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [06/07/2009 15:44 55280]

S3 fsssvc;Windows Live Proteção para a Família;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [06/07/2009 17:24 40496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-28 c:\windows\Tasks\User_Feed_Synchronization-{A734DB46-0FB2-44B1-A2A9-EC90ADAD4A57}.job

- c:\windows\system32\msfeedssync.exe [2009-09-24 20:13]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=91&bd=Presario&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=91&bd=Presario&pf=cnnb

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: {FE17C6F6-2B76-4A43-B657-BDEFF6582ADD} = 200.223.0.84,200.222.0.34

FF - ProfilePath - c:\users\Bruna Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\4wqypct6.default\

FF - prefs.js: browser.startup.homepage - www.globo.com

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-28 18:22

Windows 6.0.6002 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\wlanext.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\System32\agrsmsvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\lxczcoms.exe

c:\windows\System32\PSIService.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-09-28 18:25 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-09-28 21:25

 

Pré-execução: 54.740.869.120 bytes disponíveis

Pós execução: 54.310.739.968 bytes disponíveis

 

325 --- E O F --- 2009-09-28 15:02
USBFIX:

 

 

############################## | UsbFix V6.037 |

 

User : Bruna Marcela (Administradores) # CASA

Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8

Start at: 12:50:21 | 29/09/2009

Website : http://pagesperso-or...ools/index.html

 

Pentium® Dual-Core CPU T4200 @ 2.00GHz

Microsoft® Windows Vista™ Home Basic (6.0.6002 32-bit) # Service Pack 2

Internet Explorer 8.0.6001.18813

Windows Firewall Status : Enabled

 

C:\ -> Local Fixed Disk # 140,23 Go (49,78 Go free) # NTFS

D:\ -> Local Fixed Disk # 8,82 Go (1,63 Go free) [RECOVERY] # NTFS

E:\ -> CD-ROM Disc # 2,97 Go (0 Mo free) [bRUNA] # CDFS

F:\ -> Removable Disk # 969,72 Mo (853,69 Mo free) [sONYDSC-W55] # FAT

G:\ -> Removable Disk

 

############################## | Processos activos |

 

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\lxczcoms.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\PSIService.exe

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\runonce.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\autorun.inf

Supprimido ! D:\autorun.inf

Supprimido ! D:\desktop.ini

 

################## | Registro # Chaves Run infectieuses |

 

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

 

################## | Registro # Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{19683104-6a72-11de-9e28-0025b3a0f252}\Shell\AutoRun\Command

 

################## | Listing |

 

[18/09/2006 18:43|--a------|24] C:\autoexec.bat

[11/04/2009 03:36|-rahs----|333257] C:\bootmgr

[28/09/2009 18:25|--a------|25709] C:\ComboFix.txt

[18/09/2006 18:43|--a------|10] C:\config.sys

[02/07/2009 19:27|-rahs----|0] C:\IO.SYS

[02/07/2009 19:27|-rahs----|0] C:\MSDOS.SYS

[27/06/2009 07:19|--a------|432128] C:\Mx One.exe

[29/04/2007 14:11|--ah-----|9662] C:\mxone.ico

[06/07/2009 18:10|--ahs----|12] C:\mxone.ini

[?|?|?] C:\pagefile.sys

[29/09/2009 12:55|--a------|3773] C:\UsbFix.txt

[02/07/2009 16:37|---hs----|13] D:\BLOCK.RIN

[03/10/2006 20:02|---hs----|438328] D:\bootmgr

[10/09/2002 13:14|---hs----|8134] D:\Folder.htt

[29/09/2009 12:50|--ahs----|210] D:\MASTER.LOG

[12/09/2008 14:18|---hs----|156098] D:\protect.arabic

[15/09/2008 13:06|---hs----|151163] D:\protect.bulgarian

[12/09/2008 14:22|---hs----|149947] D:\protect.chinese hong kong

[12/09/2008 14:30|---hs----|150503] D:\protect.chinese simplified

[12/09/2008 14:30|---hs----|149947] D:\protect.chinese traditional

[12/09/2008 14:31|---hs----|149591] D:\protect.czech

[12/09/2008 14:31|---hs----|148911] D:\protect.danish

[12/09/2008 14:32|---hs----|148212] D:\protect.dutch

[12/09/2008 14:32|---hs----|148950] D:\protect.ed

[12/09/2008 14:32|---hs----|148952] D:\protect.english

[12/09/2008 14:32|---hs----|148000] D:\protect.finnish

[12/09/2008 14:33|---hs----|147655] D:\protect.french

[12/09/2008 14:33|---hs----|147825] D:\protect.german

[12/09/2008 14:33|---hs----|152670] D:\protect.greek

[12/09/2008 14:34|---hs----|155060] D:\protect.hebrew

[12/09/2008 14:34|---hs----|148303] D:\protect.hungarian

[12/09/2008 14:35|---hs----|147443] D:\protect.italian

[12/09/2008 14:35|---hs----|151323] D:\protect.japanese

[12/09/2008 14:35|---hs----|158134] D:\protect.korean

[12/09/2008 14:36|---hs----|147950] D:\protect.norwegian

[12/09/2008 14:36|---hs----|149293] D:\protect.polish

[12/09/2008 14:36|---hs----|148077] D:\protect.portuguese

[12/09/2008 14:36|---hs----|148808] D:\protect.portuguese brazilian

[15/09/2008 13:06|---hs----|152201] D:\protect.romanian

[12/09/2008 14:37|---hs----|148947] D:\protect.russian

[12/09/2008 14:37|---hs----|149967] D:\protect.slovak

[12/09/2008 14:37|---hs----|147739] D:\protect.spanish

[12/09/2008 14:38|---hs----|148308] D:\protect.swedish

[12/09/2008 14:38|---hs----|149334] D:\protect.turkish

[ |-r-h-----|0] F:\MEMSTICK.IND

[ |-r-h-----|0] F:\MSTK_PRO.IND

[16/09/2007 12:30|--ah-----|128] F:\.SonyVID

[19/12/2007 14:21|--ah-----|296] F:\WMPInfo.xml

 

################## | Vaccinação |

 

# C:\autorun.inf -> Folder created by UsbFix.

# D:\autorun.inf -> Folder created by UsbFix.

# F:\autorun.inf -> Folder created by UsbFix.

 

################## | Upload |

 

Favor enviar o arquivo : C:\Users\BRUNAM~1\Desktop\UsbFix_Upload_Me_Casa.zip : http://forum-aide-co...oix_fichier.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.037 ! |

 

 

 

 

MALWAREBYTES:

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2871

Windows 6.0.6002 Service Pack 2 (Safe Mode)

 

29/09/2009 13:59:28

mbam-log-2009-09-29 (13-59-28).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 293280

Tempo decorrido: 44 minute(s), 17 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Users\Bruna Marcela\Downloads\mxone - antivirus para disp usb.exe (Rogue.MxOneAntivirus) -> Quarantined and deleted successfully.

 

 

 

 

 

THANK YOU!!!


- Download RSIT (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop;

 

● Double-click RSIT.exe to run the program;

● In the window that opens, click the Continue button so the tool starts running;

● When the tool finishes running, a log will open automatically in Notepad containing the scan result. Paste the contents of that log (log.txt) in your next reply;

● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.


RSIT LOG:

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Bruna Marcela at 2009-10-06 12:58:11

Microsoft® Windows Vista™ Home Basic Service Pack 2

System drive C: has 48 GB (34%) free of 144 GB

Total RAM: 3002 MB (63% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:58:43, on 06/10/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Bruna Marcela\Desktop\RSIT.exe

C:\Program Files\trend micro\Bruna Marcela.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=91&bd=Presario&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=91&bd=Presario&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=91&bd=Presario&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_br&c=91&bd=Presario&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [uSBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: McAfee Security Scan.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{3050D0B5-8E68-48E4-8B97-510C8B3DFD89}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{FE17C6F6-2B76-4A43-B657-BDEFF6582ADD}: NameServer = 200.223.0.84,200.222.0.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{3050D0B5-8E68-48E4-8B97-510C8B3DFD89}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe

 

--

End of file - 11110 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\User_Feed_Synchronization-{A734DB46-0FB2-44B1-A2A9-EC90ADAD4A57}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Symantec NCO BHO

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-27 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-09-09 150040]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-09-09 178712]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-09-09 154136]

"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-01-21 217088]

"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-23 468264]

"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]

"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-09-26 210216]

"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-01 202032]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]

"UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-27 149280]

"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]

"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]

"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"USBFW"=C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe [2008-09-01 1330688]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-09-11 446556]

"lxczbmgr.exe"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2007-04-19 74672]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]

"Sidebar"=C:\Program Files\windows sidebar\sidebar.exe [2009-04-11 1233920]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-09-02 221184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=FFFFFFFF

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2009-10-06 12:58:11 ----D---- C:\rsit

2009-10-06 12:58:11 ----D---- C:\Program Files\trend micro

2009-10-03 17:44:22 ----N---- C:\Windows\system32\MpSigStub.exe

2009-10-01 16:45:44 ----A---- C:\Windows\system32\wups2.dll

2009-10-01 16:45:44 ----A---- C:\Windows\system32\wucltux.dll

2009-10-01 16:45:44 ----A---- C:\Windows\system32\wuaueng.dll

2009-10-01 16:45:44 ----A---- C:\Windows\system32\wuauclt.exe

2009-10-01 16:45:07 ----A---- C:\Windows\system32\wups.dll

2009-10-01 16:45:07 ----A---- C:\Windows\system32\wudriver.dll

2009-10-01 16:45:07 ----A---- C:\Windows\system32\wuapi.dll

2009-10-01 16:44:57 ----A---- C:\Windows\system32\wuwebv.dll

2009-10-01 16:44:57 ----A---- C:\Windows\system32\wuapp.exe

2009-09-30 13:45:37 ----D---- C:\ProgramData\McAfee

2009-09-30 13:00:23 ----D---- C:\ProgramData\McAfee Security Scan

2009-09-30 13:00:22 ----D---- C:\Program Files\McAfee Security Scan

2009-09-30 12:59:57 ----D---- C:\ProgramData\NOS

2009-09-30 12:59:57 ----D---- C:\Program Files\NOS

2009-09-30 11:47:56 ----D---- C:\Program Files\Lexmark 1200 Series

2009-09-30 11:47:49 ----A---- C:\Windows\system32\lxczutil.dll

2009-09-30 11:47:49 ----A---- C:\Windows\system32\lxczusb1.dll

2009-09-30 11:47:49 ----A---- C:\Windows\system32\lxczserv.dll

2009-09-30 11:47:49 ----A---- C:\Windows\system32\LXCZinst.dll

2009-09-30 11:47:49 ----A---- C:\Windows\system32\lxczinpa.dll

2009-09-30 11:47:49 ----A---- C:\Windows\system32\lxcziesc.dll

2009-09-30 11:47:49 ----A---- C:\Windows\system32\LXCZhcp.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczprox.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczpplc.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczpmui.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczlmpm.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczjswr.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczinsr.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczinsb.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczins.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczih.exe

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczhbn3.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczgf.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczcur.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczcu.dll

2009-09-30 11:47:48 ----A---- C:\Windows\system32\lxczcoms.exe

2009-09-30 11:47:47 ----A---- C:\Windows\system32\lxczcomm.dll

2009-09-30 11:47:47 ----A---- C:\Windows\system32\lxczcomc.dll

2009-09-30 11:47:47 ----A---- C:\Windows\system32\lxczcfg.exe

2009-09-30 11:47:47 ----A---- C:\Windows\system32\LXCZcfg.dll

2009-09-29 15:59:41 ----A---- C:\ComboFix.txt

2009-09-29 15:51:08 ----D---- C:\Windows\temp

2009-09-29 13:05:32 ----D---- C:\Users\Bruna Marcela\AppData\Roaming\Malwarebytes

2009-09-29 13:05:27 ----D---- C:\ProgramData\Malwarebytes

2009-09-29 13:05:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-09-29 12:55:10 ----RAD---- C:\autorun.inf

2009-09-29 12:50:18 ----A---- C:\UsbFix.txt

2009-09-29 12:46:15 ----D---- C:\UsbFix

2009-09-28 17:29:47 ----D---- C:\Qoobox

2009-09-28 14:10:37 ----A---- C:\Windows\system32\tmp90E9.tmp

2009-09-27 17:32:24 ----D---- C:\Windows\system32\vi-VN

2009-09-27 17:32:24 ----D---- C:\Windows\system32\eu-ES

2009-09-27 17:32:24 ----D---- C:\Windows\system32\ca-ES

2009-09-27 16:46:01 ----A---- C:\Windows\system32\WSDApi.dll

2009-09-27 16:46:00 ----A---- C:\Windows\system32\TsWpfWrp.exe

2009-09-27 16:46:00 ----A---- C:\Windows\system32\PresentationNative_v0300.dll

2009-09-27 16:46:00 ----A---- C:\Windows\system32\PresentationHostProxy.dll

2009-09-27 16:46:00 ----A---- C:\Windows\system32\PresentationHost.exe

2009-09-27 16:45:59 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-09-27 16:45:58 ----A---- C:\Windows\system32\tquery.dll

2009-09-27 16:45:58 ----A---- C:\Windows\system32\SearchProtocolHost.exe

2009-09-27 16:45:58 ----A---- C:\Windows\system32\SearchIndexer.exe

2009-09-27 16:45:58 ----A---- C:\Windows\system32\SearchFilterHost.exe

2009-09-27 16:45:58 ----A---- C:\Windows\system32\propdefs.dll

2009-09-27 16:45:58 ----A---- C:\Windows\system32\mssvp.dll

2009-09-27 16:45:58 ----A---- C:\Windows\system32\msstrc.dll

2009-09-27 16:45:57 ----A---- C:\Windows\system32\mssrch.dll

2009-09-27 16:45:57 ----A---- C:\Windows\system32\mssprxy.dll

2009-09-27 16:45:57 ----A---- C:\Windows\system32\mssphtb.dll

2009-09-27 16:45:57 ----A---- C:\Windows\system32\mssph.dll

2009-09-27 16:45:57 ----A---- C:\Windows\system32\mssitlb.dll

2009-09-27 16:45:57 ----A---- C:\Windows\system32\msshooks.dll

2009-09-27 16:45:57 ----A---- C:\Windows\system32\msscntrs.dll

2009-09-27 16:45:57 ----A---- C:\Windows\system32\msscb.dll

2009-09-27 16:45:56 ----A---- C:\Windows\system32\msshsq.dll

2009-09-27 16:45:55 ----A---- C:\Windows\system32\infocardapi.dll

2009-09-27 16:45:55 ----A---- C:\Windows\system32\icardres.dll

2009-09-27 16:45:55 ----A---- C:\Windows\system32\icardagt.exe

2009-09-27 16:45:34 ----A---- C:\Windows\system32\PNPXAssoc.dll

2009-09-27 16:45:30 ----A---- C:\Windows\system32\MPSSVC.dll

2009-09-27 16:45:25 ----A---- C:\Windows\system32\mscories.dll

2009-09-27 16:45:25 ----A---- C:\Windows\system32\mscorier.dll

2009-09-27 16:45:25 ----A---- C:\Windows\system32\mscoree.dll

2009-09-27 16:45:25 ----A---- C:\Windows\system32\dfshim.dll

2009-09-27 16:45:20 ----A---- C:\Windows\system32\winhttp.dll

2009-09-27 16:45:20 ----A---- C:\Windows\system32\bthserv.dll

2009-09-27 16:45:20 ----A---- C:\Windows\system32\bthci.dll

2009-09-27 16:45:16 ----A---- C:\Windows\system32\zipfldr.dll

2009-09-27 16:45:16 ----A---- C:\Windows\system32\CertEnrollUI.dll

2009-09-27 16:45:16 ----A---- C:\Windows\system32\CertEnroll.dll

2009-09-27 16:45:15 ----A---- C:\Windows\system32\wusa.exe

2009-09-27 16:45:14 ----A---- C:\Windows\system32\wsdchngr.dll

2009-09-27 16:45:13 ----A---- C:\Windows\system32\WMVXENCD.DLL

2009-09-27 16:45:13 ----A---- C:\Windows\system32\WMVSDECD.DLL

2009-09-27 16:45:13 ----A---- C:\Windows\system32\PortableDeviceTypes.dll

2009-09-27 16:45:13 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll

2009-09-27 16:45:13 ----A---- C:\Windows\system32\PortableDeviceApi.dll

2009-09-27 16:45:12 ----A---- C:\Windows\system32\WMVENCOD.DLL

2009-09-27 16:45:09 ----A---- C:\Windows\system32\wmicmiplugin.dll

2009-09-27 16:45:09 ----A---- C:\Windows\system32\wlanui.dll

2009-09-27 16:45:08 ----A---- C:\Windows\system32\wlgpclnt.dll

2009-09-27 16:45:08 ----A---- C:\Windows\system32\wlanpref.dll

2009-09-27 16:45:08 ----A---- C:\Windows\system32\wlangpui.dll

2009-09-27 16:45:08 ----A---- C:\Windows\system32\winsrv.dll

2009-09-27 16:45:08 ----A---- C:\Windows\system32\winlogon.exe

2009-09-27 16:45:08 ----A---- C:\Windows\system32\WindowsCodecsExt.dll

2009-09-27 16:45:08 ----A---- C:\Windows\system32\WindowsCodecs.dll

2009-09-27 16:45:07 ----A---- C:\Windows\system32\wiaaut.dll

2009-09-27 16:45:07 ----A---- C:\Windows\system32\whealogr.dll

2009-09-27 16:45:07 ----A---- C:\Windows\system32\WebClnt.dll

2009-09-27 16:45:07 ----A---- C:\Windows\system32\WcnNetsh.dll

2009-09-27 16:45:07 ----A---- C:\Windows\system32\wcncsvc.dll

2009-09-27 16:45:07 ----A---- C:\Windows\system32\fdWCN.dll

2009-09-27 16:45:07 ----A---- C:\Windows\system32\davclnt.dll

2009-09-27 16:45:03 ----A---- C:\Windows\system32\WinSAT.exe

2009-09-27 16:45:02 ----A---- C:\Windows\system32\WscEapPr.dll

2009-09-27 16:45:02 ----A---- C:\Windows\system32\wiaservc.dll

2009-09-27 16:44:55 ----A---- C:\Windows\system32\wmpmde.dll

2009-09-27 16:44:55 ----A---- C:\Windows\system32\chsbrkr.dll

2009-09-27 16:44:54 ----A---- C:\Windows\system32\WsmSvc.dll

2009-09-27 16:44:54 ----A---- C:\Windows\system32\wcnwiz2.dll

2009-09-27 16:44:54 ----A---- C:\Windows\system32\wcnwiz.dll

2009-09-27 16:44:54 ----A---- C:\Windows\system32\korwbrkr.dll

2009-09-27 16:44:53 ----A---- C:\Windows\system32\VSSVC.exe

2009-09-27 16:44:53 ----A---- C:\Windows\system32\thawbrkr.dll

2009-09-27 16:44:53 ----A---- C:\Windows\system32\swprv.dll

2009-09-27 16:44:53 ----A---- C:\Windows\system32\mswsock.dll

2009-09-27 16:44:53 ----A---- C:\Windows\system32\chtbrkr.dll

2009-09-27 16:44:52 ----A---- C:\Windows\system32\vssapi.dll

2009-09-27 16:44:52 ----A---- C:\Windows\system32\version.dll

2009-09-27 16:44:52 ----A---- C:\Windows\system32\vdsutil.dll

2009-09-27 16:44:52 ----A---- C:\Windows\system32\vds.exe

2009-09-27 16:44:52 ----A---- C:\Windows\system32\MSVidCtl.dll

2009-09-27 16:44:51 ----A---- C:\Windows\system32\vdsdyn.dll

2009-09-27 16:44:51 ----A---- C:\Windows\system32\Utilman.exe

2009-09-27 16:44:51 ----A---- C:\Windows\system32\usp10.dll

2009-09-27 16:44:51 ----A---- C:\Windows\system32\scavenge.dll

2009-09-27 16:44:51 ----A---- C:\Windows\system32\psisdecd.dll

2009-09-27 16:44:51 ----A---- C:\Windows\system32\compcln.exe

2009-09-27 16:44:50 ----A---- C:\Windows\system32\userenv.dll

2009-09-27 16:44:50 ----A---- C:\Windows\system32\usercpl.dll

2009-09-27 16:44:50 ----A---- C:\Windows\system32\user32.dll

2009-09-27 16:44:50 ----A---- C:\Windows\system32\powrprof.dll

2009-09-27 16:44:49 ----A---- C:\Windows\system32\w32time.dll

2009-09-27 16:44:49 ----A---- C:\Windows\system32\themeui.dll

2009-09-27 16:44:49 ----A---- C:\Windows\system32\themecpl.dll

2009-09-27 16:44:49 ----A---- C:\Windows\system32\modemui.dll

2009-09-27 16:44:49 ----A---- C:\Windows\system32\EncDec.dll

2009-09-27 16:44:49 ----A---- C:\Windows\system32\cbsra.exe

2009-09-27 16:44:48 ----A---- C:\Windows\system32\TSTheme.exe

2009-09-27 16:44:48 ----A---- C:\Windows\system32\tcpipcfg.dll

2009-09-27 16:44:48 ----A---- C:\Windows\system32\taskeng.exe

2009-09-27 16:44:48 ----A---- C:\Windows\system32\schedsvc.dll

2009-09-27 16:44:47 ----A---- C:\Windows\system32\termsrv.dll

2009-09-27 16:44:47 ----A---- C:\Windows\system32\tapisrv.dll

2009-09-27 16:44:47 ----A---- C:\Windows\system32\rdpencom.dll

2009-09-27 16:44:47 ----A---- C:\Windows\system32\mscandui.dll

2009-09-27 16:44:47 ----A---- C:\Windows\system32\input.dll

2009-09-27 16:44:46 ----A---- C:\Windows\system32\wisptis.exe

2009-09-27 16:44:46 ----A---- C:\Windows\system32\regapi.dll

2009-09-27 16:44:45 ----A---- C:\Windows\system32\tscupgrd.exe

2009-09-27 16:44:45 ----A---- C:\Windows\system32\mstsc.exe

2009-09-27 16:44:45 ----A---- C:\Windows\system32\MsCtfMonitor.dll

2009-09-27 16:44:45 ----A---- C:\Windows\system32\InkEd.dll

2009-09-27 16:44:44 ----A---- C:\Windows\system32\rdpwsx.dll

2009-09-27 16:44:43 ----A---- C:\Windows\system32\msutb.dll

2009-09-27 16:44:43 ----A---- C:\Windows\system32\msctf.dll

2009-09-27 16:44:42 ----A---- C:\Windows\system32\taskcomp.dll

2009-09-27 16:44:42 ----A---- C:\Windows\system32\softkbd.dll

2009-09-27 16:44:42 ----A---- C:\Windows\system32\msctfui.dll

2009-09-27 16:44:41 ----A---- C:\Windows\system32\mstlsapi.dll

2009-09-27 16:44:41 ----A---- C:\Windows\system32\msimtf.dll

2009-09-27 16:44:41 ----A---- C:\Windows\system32\msctfp.dll

2009-09-27 16:44:41 ----A---- C:\Windows\system32\CHxReadingStringIME.dll

2009-09-27 16:44:38 ----A---- C:\Windows\system32\IPHLPAPI.DLL

2009-09-27 16:44:37 ----A---- C:\Windows\system32\systemcpl.dll

2009-09-27 16:44:37 ----A---- C:\Windows\system32\srcore.dll

2009-09-27 16:44:37 ----A---- C:\Windows\system32\spwinsat.dll

2009-09-27 16:44:36 ----A---- C:\Windows\system32\sysclass.dll

2009-09-27 16:44:36 ----A---- C:\Windows\system32\sud.dll

2009-09-27 16:44:35 ----A---- C:\Windows\system32\Storprop.dll

2009-09-27 16:44:35 ----A---- C:\Windows\system32\stobject.dll

2009-09-27 16:44:35 ----A---- C:\Windows\system32\spp.dll

2009-09-27 16:44:34 ----A---- C:\Windows\system32\wsnmp32.dll

2009-09-27 16:44:34 ----A---- C:\Windows\system32\srvsvc.dll

2009-09-27 16:44:34 ----A---- C:\Windows\system32\smss.exe

2009-09-27 16:44:34 ----A---- C:\Windows\system32\SmiEngine.dll

2009-09-27 16:44:33 ----A---- C:\Windows\system32\SMBHelperClass.dll

2009-09-27 16:44:33 ----A---- C:\Windows\system32\shwebsvc.dll

2009-09-27 16:44:33 ----A---- C:\Windows\system32\shsvcs.dll

2009-09-27 16:44:33 ----A---- C:\Windows\system32\scksp.dll

2009-09-27 16:44:33 ----A---- C:\Windows\system32\SCardSvr.dll

2009-09-27 16:44:33 ----A---- C:\Windows\system32\certprop.dll

2009-09-27 16:44:33 ----A---- C:\Windows\system32\basecsp.dll

2009-09-27 16:44:32 ----A---- C:\Windows\system32\shsetup.dll

2009-09-27 16:44:32 ----A---- C:\Windows\system32\shlwapi.dll

2009-09-27 16:44:32 ----A---- C:\Windows\system32\shell32.dll

2009-09-27 16:44:32 ----A---- C:\Windows\system32\shdocvw.dll

2009-09-27 16:44:31 ----A---- C:\Windows\system32\spwizui.dll

2009-09-27 16:44:31 ----A---- C:\Windows\system32\spreview.exe

2009-09-27 16:44:31 ----A---- C:\Windows\system32\spinstall.exe

2009-09-27 16:44:31 ----A---- C:\Windows\system32\sperror.dll

2009-09-27 16:44:31 ----A---- C:\Windows\system32\spcmsg.dll

2009-09-27 16:44:31 ----A---- C:\Windows\system32\setupapi.dll

2009-09-27 16:44:31 ----A---- C:\Windows\system32\sethc.exe

2009-09-27 16:44:30 ----A---- C:\Windows\system32\wscsvc.dll

2009-09-27 16:44:30 ----A---- C:\Windows\system32\wscisvif.dll

2009-09-27 16:44:30 ----A---- C:\Windows\system32\wscapi.dll

2009-09-27 16:44:30 ----A---- C:\Windows\system32\sendmail.dll

2009-09-27 16:44:30 ----A---- C:\Windows\system32\netlogon.dll

2009-09-27 16:44:29 ----A---- C:\Windows\system32\wsepno.dll

2009-09-27 16:44:29 ----A---- C:\Windows\system32\slwmi.dll

2009-09-27 16:44:29 ----A---- C:\Windows\system32\slwga.dll

2009-09-27 16:44:29 ----A---- C:\Windows\system32\SLsvc.exe

2009-09-27 16:44:29 ----A---- C:\Windows\system32\slcinst.dll

2009-09-27 16:44:28 ----A---- C:\Windows\system32\wscript.exe

2009-09-27 16:44:28 ----A---- C:\Windows\system32\sdclt.exe

2009-09-27 16:44:28 ----A---- C:\Windows\system32\scrrun.dll

2009-09-27 16:44:28 ----A---- C:\Windows\system32\scrobj.dll

2009-09-27 16:44:28 ----A---- C:\Windows\system32\scecli.dll

2009-09-27 16:44:28 ----A---- C:\Windows\system32\scansetting.dll

2009-09-27 16:44:28 ----A---- C:\Windows\system32\pidgenx.dll

2009-09-27 16:44:28 ----A---- C:\Windows\system32\cscript.exe

2009-09-27 16:44:27 ----A---- C:\Windows\system32\wscntfy.dll

2009-09-27 16:44:27 ----A---- C:\Windows\system32\SLUINotify.dll

2009-09-27 16:44:27 ----A---- C:\Windows\system32\SLUI.exe

2009-09-27 16:44:27 ----A---- C:\Windows\system32\SLLUA.exe

2009-09-27 16:44:27 ----A---- C:\Windows\system32\SLCommDlg.dll

2009-09-27 16:44:27 ----A---- C:\Windows\system32\secproc.dll

2009-09-27 16:44:27 ----A---- C:\Windows\system32\RMActivate.exe

2009-09-27 16:44:26 ----A---- C:\Windows\system32\slcc.dll

2009-09-27 16:44:26 ----A---- C:\Windows\system32\services.exe

2009-09-27 16:44:23 ----A---- C:\Windows\system32\secproc_ssp.dll

2009-09-27 16:44:23 ----A---- C:\Windows\system32\RMActivate_ssp.exe

2009-09-27 16:44:22 ----A---- C:\Windows\system32\SLCExt.dll

2009-09-27 16:44:21 ----A---- C:\Windows\system32\sysmain.dll

2009-09-27 16:44:21 ----A---- C:\Windows\system32\secproc_isv.dll

2009-09-27 16:44:21 ----A---- C:\Windows\system32\RMActivate_isv.exe

2009-09-27 16:44:20 ----A---- C:\Windows\system32\slmgr.vbs

2009-09-27 16:44:19 ----A---- C:\Windows\system32\wshext.dll

2009-09-27 16:44:19 ----A---- C:\Windows\system32\SLC.dll

2009-09-27 16:44:19 ----A---- C:\Windows\system32\ntmarta.dll

2009-09-27 16:44:19 ----A---- C:\Windows\system32\authz.dll

2009-09-27 16:44:18 ----A---- C:\Windows\system32\scesrv.dll

2009-09-27 16:44:16 ----A---- C:\Windows\system32\WinSCard.dll

2009-09-27 16:44:15 ----A---- C:\Windows\system32\secproc_ssp_isv.dll

2009-09-27 16:44:15 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe

2009-09-27 16:44:12 ----A---- C:\Windows\system32\rsaenh.dll

2009-09-27 16:44:12 ----A---- C:\Windows\system32\rpchttp.dll

2009-09-27 16:44:12 ----A---- C:\Windows\system32\riched20.dll

2009-09-27 16:44:12 ----A---- C:\Windows\system32\regsvc.dll

2009-09-27 16:44:12 ----A---- C:\Windows\system32\rastls.dll

2009-09-27 16:44:12 ----A---- C:\Windows\system32\rastapi.dll

2009-09-27 16:44:11 ----A---- C:\Windows\system32\rtutils.dll

2009-09-27 16:44:11 ----A---- C:\Windows\system32\rasppp.dll

2009-09-27 16:44:11 ----A---- C:\Windows\system32\rasplap.dll

2009-09-27 16:44:11 ----A---- C:\Windows\system32\rasmontr.dll

2009-09-27 16:44:11 ----A---- C:\Windows\system32\rasmans.dll

2009-09-27 16:44:11 ----A---- C:\Windows\system32\rasgcw.dll

2009-09-27 16:44:11 ----A---- C:\Windows\system32\rasdlg.dll

2009-09-27 16:44:11 ----A---- C:\Windows\system32\ifmon.dll

2009-09-27 16:44:11 ----A---- C:\Windows\system32\cmmon32.exe

2009-09-27 16:44:11 ----A---- C:\Windows\system32\cmdial32.dll

2009-09-27 16:44:10 ----A---- C:\Windows\system32\rasdial.exe

2009-09-27 16:44:10 ----A---- C:\Windows\system32\rasdiag.dll

2009-09-27 16:44:10 ----A---- C:\Windows\system32\raschap.dll

2009-09-27 16:44:10 ----A---- C:\Windows\system32\rasapi32.dll

2009-09-27 16:44:09 ----A---- C:\Windows\system32\RelMon.dll

2009-09-27 16:44:09 ----A---- C:\Windows\system32\reg.exe

2009-09-27 16:44:09 ----A---- C:\Windows\system32\RacEngn.dll

2009-09-27 16:44:09 ----A---- C:\Windows\system32\msdrm.dll

2009-09-27 16:44:08 ----A---- C:\Windows\system32\qedit.dll

2009-09-27 16:44:08 ----A---- C:\Windows\system32\PSHED.DLL

2009-09-27 16:44:08 ----A---- C:\Windows\system32\propsys.dll

2009-09-27 16:44:05 ----A---- C:\Windows\system32\spoolsv.exe

2009-09-27 16:44:05 ----A---- C:\Windows\system32\profsvc.dll

2009-09-27 16:44:04 ----A---- C:\Windows\system32\powercpl.dll

2009-09-27 16:44:04 ----A---- C:\Windows\system32\PnPutil.exe

2009-09-27 16:44:04 ----A---- C:\Windows\system32\pnpui.dll

2009-09-27 16:44:04 ----A---- C:\Windows\system32\pnpsetup.dll

2009-09-27 16:44:04 ----A---- C:\Windows\system32\oleprn.dll

2009-09-27 16:44:03 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll

2009-09-27 16:44:03 ----A---- C:\Windows\system32\devmgr.dll

2009-09-27 16:44:03 ----A---- C:\Windows\system32\DeviceEject.exe

2009-09-27 16:44:02 ----A---- C:\Windows\system32\WMPhoto.dll

2009-09-27 16:44:02 ----A---- C:\Windows\system32\wdc.dll

2009-09-27 16:44:02 ----A---- C:\Windows\system32\photowiz.dll

2009-09-27 16:44:01 ----A---- C:\Windows\system32\wpccpl.dll

2009-09-27 16:44:01 ----A---- C:\Windows\system32\PerfCenterCPL.dll

2009-09-27 16:44:01 ----A---- C:\Windows\system32\p2psvc.dll

2009-09-27 16:44:01 ----A---- C:\Windows\system32\P2PGraph.dll

2009-09-27 16:44:00 ----A---- C:\Windows\system32\wdscore.dll

2009-09-27 16:44:00 ----A---- C:\Windows\system32\PkgMgr.exe

2009-09-27 16:43:59 ----A---- C:\Windows\system32\WSDMon.dll

2009-09-27 16:43:59 ----A---- C:\Windows\system32\tcpmon.dll

2009-09-27 16:43:59 ----A---- C:\Windows\system32\spoolss.dll

2009-09-27 16:43:59 ----A---- C:\Windows\system32\prnntfy.dll

2009-09-27 16:43:59 ----A---- C:\Windows\system32\printui.dll

2009-09-27 16:43:59 ----A---- C:\Windows\system32\PnPUnattend.exe

2009-09-27 16:43:59 ----A---- C:\Windows\system32\perfdisk.dll

2009-09-27 16:43:59 ----A---- C:\Windows\system32\pdh.dll

2009-09-27 16:43:59 ----A---- C:\Windows\system32\ntprint.dll

2009-09-27 16:43:59 ----A---- C:\Windows\system32\inetppui.dll

2009-09-27 16:43:59 ----A---- C:\Windows\system32\inetpp.dll

2009-09-27 16:43:58 ----A---- C:\Windows\system32\wpcsvc.dll

2009-09-27 16:43:58 ----A---- C:\Windows\system32\wpcao.dll

2009-09-27 16:43:58 ----A---- C:\Windows\system32\win32spl.dll

2009-09-27 16:43:58 ----A---- C:\Windows\system32\puiapi.dll

2009-09-27 16:43:58 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe

2009-09-27 16:43:58 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll

2009-09-27 16:43:58 ----A---- C:\Windows\system32\osk.exe

2009-09-27 16:43:58 ----A---- C:\Windows\system32\logman.exe

2009-09-27 16:43:57 ----A---- C:\Windows\system32\onex.dll

2009-09-27 16:43:57 ----A---- C:\Windows\system32\ntoskrnl.exe

2009-09-27 16:43:57 ----A---- C:\Windows\system32\ntkrnlpa.exe

2009-09-27 16:43:56 ----A---- C:\Windows\system32\wow32.dll

2009-09-27 16:43:56 ----A---- C:\Windows\system32\vdmdbg.dll

2009-09-27 16:43:56 ----A---- C:\Windows\system32\olepro32.dll

2009-09-27 16:43:56 ----A---- C:\Windows\system32\oleaut32.dll

2009-09-27 16:43:56 ----A---- C:\Windows\system32\ocsetup.exe

2009-09-27 16:43:56 ----A---- C:\Windows\system32\ntdll.dll

2009-09-27 16:43:56 ----A---- C:\Windows\system32\csrstub.exe

2009-09-27 16:43:56 ----A---- C:\Windows\system32\cscdll.dll

2009-09-27 16:43:56 ----A---- C:\Windows\system32\cscapi.dll

2009-09-27 16:43:55 ----A---- C:\Windows\system32\nslookup.exe

2009-09-27 16:43:55 ----A---- C:\Windows\system32\newdev.exe

2009-09-27 16:43:55 ----A---- C:\Windows\system32\newdev.dll

2009-09-27 16:43:55 ----A---- C:\Windows\system32\networkmap.dll

2009-09-27 16:43:55 ----A---- C:\Windows\system32\networkitemfactory.dll

2009-09-27 16:43:54 ----A---- C:\Windows\system32\networkexplorer.dll

2009-09-27 16:43:53 ----A---- C:\Windows\system32\netcenter.dll

2009-09-27 16:43:52 ----A---- C:\Windows\system32\IKEEXT.DLL

2009-09-27 16:43:52 ----A---- C:\Windows\system32\FWPUCLNT.DLL

2009-09-27 16:43:51 ----A---- C:\Windows\system32\pnidui.dll

2009-09-27 16:43:51 ----A---- C:\Windows\system32\BFE.DLL

2009-09-27 16:43:50 ----A---- C:\Windows\system32\netshell.dll

2009-09-27 16:43:50 ----A---- C:\Windows\system32\netplwiz.dll

2009-09-27 16:43:50 ----A---- C:\Windows\system32\netapi32.dll

2009-09-27 16:43:49 ----A---- C:\Windows\system32\NlsLexicons0009.dll

2009-09-27 16:43:49 ----A---- C:\Windows\system32\NlsLexicons0007.dll

2009-09-27 16:43:49 ----A---- C:\Windows\system32\ncryptui.dll

2009-09-27 16:43:49 ----A---- C:\Windows\system32\ncrypt.dll

2009-09-27 16:43:49 ----A---- C:\Windows\system32\NcdProp.dll

2009-09-27 16:43:49 ----A---- C:\Windows\system32\NaturalLanguage6.dll

2009-09-27 16:43:49 ----A---- C:\Windows\system32\iashlpr.dll

2009-09-27 16:43:46 ----A---- C:\Windows\system32\ipsmsnap.dll

2009-09-27 16:43:46 ----A---- C:\Windows\system32\ipsecsnp.dll

2009-09-27 16:43:46 ----A---- C:\Windows\system32\iassdo.dll

2009-09-27 16:43:46 ----A---- C:\Windows\system32\iassam.dll

2009-09-27 16:43:46 ----A---- C:\Windows\system32\iasnap.dll

2009-09-27 16:43:45 ----A---- C:\Windows\system32\sdohlp.dll

2009-09-27 16:43:45 ----A---- C:\Windows\system32\iasrecst.dll

2009-09-27 16:43:45 ----A---- C:\Windows\system32\iasrad.dll

2009-09-27 16:43:45 ----A---- C:\Windows\system32\iaspolcy.dll

2009-09-27 16:43:45 ----A---- C:\Windows\system32\IasMigReader.exe

2009-09-27 16:43:45 ----A---- C:\Windows\system32\IasMigPlugin.dll

2009-09-27 16:43:45 ----A---- C:\Windows\system32\iasdatastore.dll

2009-09-27 16:43:45 ----A---- C:\Windows\system32\iasads.dll

2009-09-27 16:43:44 ----A---- C:\Windows\system32\QAGENTRT.DLL

2009-09-27 16:43:44 ----A---- C:\Windows\system32\IPSECSVC.DLL

2009-09-27 16:43:44 ----A---- C:\Windows\system32\iassvcs.dll

2009-09-27 16:43:44 ----A---- C:\Windows\system32\iasacct.dll

2009-09-27 16:43:43 ----A---- C:\Windows\system32\msxml6.dll

2009-09-27 16:43:43 ----A---- C:\Windows\system32\msxml3.dll

2009-09-27 16:43:43 ----A---- C:\Windows\system32\msvcrt.dll

2009-09-27 16:43:43 ----A---- C:\Windows\system32\msvcp60.dll

2009-09-27 16:43:43 ----A---- C:\Windows\system32\FwRemoteSvr.dll

2009-09-27 16:43:42 ----A---- C:\Windows\system32\msinfo32.exe

2009-09-27 16:43:42 ----A---- C:\Windows\system32\msftedit.dll

2009-09-27 16:43:42 ----A---- C:\Windows\system32\mprapi.dll

2009-09-27 16:43:42 ----A---- C:\Windows\system32\mpr.dll

2009-09-27 16:43:42 ----A---- C:\Windows\system32\adtschema.dll

2009-09-27 16:43:41 ----A---- C:\Windows\system32\SyncCenter.dll

2009-09-27 16:43:41 ----A---- C:\Windows\system32\MMDevAPI.dll

2009-09-27 16:43:41 ----A---- C:\Windows\system32\mfplat.dll

2009-09-27 16:43:41 ----A---- C:\Windows\system32\mfc42u.dll

2009-09-27 16:43:41 ----A---- C:\Windows\system32\mfc42.dll

2009-09-27 16:43:40 ----A---- C:\Windows\system32\wmpeffects.dll

2009-09-27 16:43:40 ----A---- C:\Windows\system32\WMNetMgr.dll

2009-09-27 16:43:40 ----A---- C:\Windows\system32\wmdrmsdk.dll

2009-09-27 16:43:40 ----A---- C:\Windows\system32\msscp.dll

2009-09-27 16:43:40 ----A---- C:\Windows\system32\msnetobj.dll

2009-09-27 16:43:40 ----A---- C:\Windows\system32\logagent.exe

2009-09-27 16:43:40 ----A---- C:\Windows\system32\drmv2clt.dll

2009-09-27 16:43:40 ----A---- C:\Windows\system32\drmmgrtn.dll

2009-09-27 16:43:40 ----A---- C:\Windows\system32\blackbox.dll

2009-09-27 16:43:38 ----A---- C:\Windows\system32\MediaMetadataHandler.dll

2009-09-27 16:43:37 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll

2009-09-27 16:43:37 ----A---- C:\Windows\system32\Magnify.exe

2009-09-27 16:43:37 ----A---- C:\Windows\system32\inetcomm.dll

2009-09-27 16:43:36 ----A---- C:\Windows\system32\odbcconf.dll

2009-09-27 16:43:36 ----A---- C:\Windows\system32\msjtes40.dll

2009-09-27 16:43:36 ----A---- C:\Windows\system32\msjetoledb40.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\sqlsrv32.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\msxbde40.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\mswstr10.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\mswdat10.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\mspbde40.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\msltus40.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\msjter40.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\msjint40.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\msexch40.dll

2009-09-27 16:43:35 ----A---- C:\Windows\system32\mblctr.exe

2009-09-27 16:43:32 ----A---- C:\Windows\system32\odbccp32.dll

2009-09-27 16:43:32 ----A---- C:\Windows\system32\odbc32.dll

2009-09-27 16:43:32 ----A---- C:\Windows\system32\msexcl40.dll

2009-09-27 16:43:32 ----A---- C:\Windows\system32\mmcndmgr.dll

2009-09-27 16:43:31 ----A---- C:\Windows\system32\mmc.exe

2009-09-27 16:43:30 ----A---- C:\Windows\system32\mstext40.dll

2009-09-27 16:43:30 ----A---- C:\Windows\system32\msrepl40.dll

2009-09-27 16:43:30 ----A---- C:\Windows\system32\msjet40.dll

2009-09-27 16:43:29 ----A---- C:\Windows\system32\msrd3x40.dll

2009-09-27 16:43:29 ----A---- C:\Windows\system32\msrd2x40.dll

2009-09-27 16:43:28 ----A---- C:\Windows\system32\hdwwiz.exe

2009-09-27 16:43:28 ----A---- C:\Windows\system32\cdd.dll

2009-09-27 16:43:27 ----A---- C:\Windows\system32\Wldap32.dll

2009-09-27 16:43:27 ----A---- C:\Windows\system32\l2nacp.dll

2009-09-27 16:43:09 ----A---- C:\Windows\system32\msisip.dll

2009-09-27 16:43:09 ----A---- C:\Windows\system32\msimsg.dll

2009-09-27 16:43:09 ----A---- C:\Windows\system32\msihnd.dll

2009-09-27 16:43:09 ----A---- C:\Windows\system32\msiexec.exe

2009-09-27 16:43:09 ----A---- C:\Windows\system32\msi.dll

2009-09-27 16:43:09 ----A---- C:\Windows\system32\kernel32.dll

2009-09-27 16:43:09 ----A---- C:\Windows\system32\ipconfig.exe

2009-09-27 16:43:09 ----A---- C:\Windows\system32\imm32.dll

2009-09-27 16:43:08 ----A---- C:\Windows\system32\imapi2.dll

2009-09-27 16:43:08 ----A---- C:\Windows\system32\imapi.dll

2009-09-27 16:43:07 ----A---- C:\Windows\system32\dbgeng.dll

2009-09-27 16:43:06 ----A---- C:\Windows\system32\mscms.dll

2009-09-27 16:43:01 ----A---- C:\Windows\system32\iphlpsvc.dll

2009-09-27 16:43:00 ----A---- C:\Windows\system32\f3ahvoas.dll

2009-09-27 16:42:57 ----A---- C:\Windows\system32\imapi2fs.dll

2009-09-27 16:42:57 ----A---- C:\Windows\system32\hidserv.dll

2009-09-27 16:42:56 ----A---- C:\Windows\system32\hbaapi.dll

2009-09-27 16:42:56 ----A---- C:\Windows\system32\apds.dll

2009-09-27 16:42:55 ----A---- C:\Windows\system32\gpsvc.dll

2009-09-27 16:42:55 ----A---- C:\Windows\system32\gpapi.dll

2009-09-27 16:42:55 ----A---- C:\Windows\system32\gdi32.dll

2009-09-27 16:42:55 ----A---- C:\Windows\system32\connect.dll

2009-09-27 16:42:54 ----A---- C:\Windows\system32\gpupdate.exe

2009-09-27 16:42:54 ----A---- C:\Windows\system32\gpresult.exe

2009-09-27 16:42:54 ----A---- C:\Windows\system32\gpedit.dll

2009-09-27 16:42:53 ----A---- C:\Windows\system32\ftp.exe

2009-09-27 16:42:52 ----A---- C:\Windows\system32\wersvc.dll

2009-09-27 16:42:52 ----A---- C:\Windows\system32\ulib.dll

2009-09-27 16:42:52 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll

2009-09-27 16:42:52 ----A---- C:\Windows\system32\fontext.dll

2009-09-27 16:42:52 ----A---- C:\Windows\system32\findstr.exe

2009-09-27 16:42:52 ----A---- C:\Windows\system32\feclient.dll

2009-09-27 16:42:52 ----A---- C:\Windows\system32\fdeploy.dll

2009-09-27 16:42:52 ----A---- C:\Windows\system32\fdBthProxy.dll

2009-09-27 16:42:52 ----A---- C:\Windows\system32\fdBth.dll

2009-09-27 16:42:51 ----A---- C:\Windows\system32\untfs.dll

2009-09-27 16:42:51 ----A---- C:\Windows\system32\fc.exe

2009-09-27 16:42:49 ----A---- C:\Windows\system32\wevtutil.exe

2009-09-27 16:42:49 ----A---- C:\Windows\system32\wevtsvc.dll

2009-09-27 16:42:49 ----A---- C:\Windows\system32\wevtapi.dll

2009-09-27 16:42:49 ----A---- C:\Windows\system32\ExplorerFrame.dll

2009-09-27 16:42:49 ----A---- C:\Windows\system32\eudcedit.exe

2009-09-27 16:42:49 ----A---- C:\Windows\system32\EhStorShell.dll

2009-09-27 16:42:49 ----A---- C:\Windows\explorer.exe

2009-09-27 16:42:48 ----A---- C:\Windows\system32\WerFaultSecure.exe

2009-09-27 16:42:48 ----A---- C:\Windows\system32\WerFault.exe

2009-09-27 16:42:48 ----A---- C:\Windows\system32\wercon.exe

2009-09-27 16:42:48 ----A---- C:\Windows\system32\wer.dll

2009-09-27 16:42:48 ----A---- C:\Windows\system32\Faultrep.dll

2009-09-27 16:42:48 ----A---- C:\Windows\system32\evr.dll

2009-09-27 16:42:48 ----A---- C:\Windows\system32\EhStorPwdMgr.dll

2009-09-27 16:42:48 ----A---- C:\Windows\system32\EhStorAuthn.dll

2009-09-27 16:42:48 ----A---- C:\Windows\system32\EhStorAPI.dll

2009-09-27 16:42:47 ----A---- C:\Windows\system32\rekeywiz.exe

2009-09-27 16:42:45 ----A---- C:\Windows\system32\esent.dll

2009-09-27 16:42:44 ----A---- C:\Windows\system32\emdmgmt.dll

2009-09-27 16:42:44 ----A---- C:\Windows\system32\eapphost.dll

2009-09-27 16:42:44 ----A---- C:\Windows\system32\eappgnui.dll

2009-09-27 16:42:44 ----A---- C:\Windows\system32\eappcfg.dll

2009-09-27 16:42:44 ----A---- C:\Windows\system32\eapp3hst.dll

2009-09-27 16:42:43 ----A---- C:\Windows\system32\drvstore.dll

2009-09-27 16:42:43 ----A---- C:\Windows\system32\dpapimig.exe

2009-09-27 16:42:42 ----A---- C:\Windows\system32\dot3svc.dll

2009-09-27 16:42:42 ----A---- C:\Windows\system32\dot3msm.dll

2009-09-27 16:42:42 ----A---- C:\Windows\system32\dot3cfg.dll

2009-09-27 16:42:41 ----A---- C:\Windows\system32\winrnr.dll

2009-09-27 16:42:41 ----A---- C:\Windows\system32\dnsrslvr.dll

2009-09-27 16:42:41 ----A---- C:\Windows\system32\dnsapi.dll

2009-09-27 16:42:40 ----A---- C:\Windows\system32\diskraid.exe

2009-09-27 16:42:40 ----A---- C:\Windows\system32\diskpart.exe

2009-09-27 16:42:39 ----A---- C:\Windows\system32\samsrv.dll

2009-09-27 16:42:39 ----A---- C:\Windows\system32\samlib.dll

2009-09-27 16:42:39 ----A---- C:\Windows\system32\quartz.dll

2009-09-27 16:42:39 ----A---- C:\Windows\system32\qdvd.dll

2009-09-27 16:42:39 ----A---- C:\Windows\system32\dimsroam.dll

2009-09-27 16:42:39 ----A---- C:\Windows\system32\dhcpcsvc6.dll

2009-09-27 16:42:39 ----A---- C:\Windows\system32\dhcpcsvc.dll

2009-09-27 16:42:39 ----A---- C:\Windows\system32\d3d9.dll

2009-09-27 16:42:38 ----A---- C:\Windows\system32\uxsms.dll

2009-09-27 16:42:38 ----A---- C:\Windows\system32\uDWM.dll

2009-09-27 16:42:38 ----A---- C:\Windows\system32\tsbyuv.dll

2009-09-27 16:42:38 ----A---- C:\Windows\system32\milcore.dll

2009-09-27 16:42:38 ----A---- C:\Windows\system32\IMJP10K.DLL

2009-09-27 16:42:38 ----A---- C:\Windows\system32\dwm.exe

2009-09-27 16:42:38 ----A---- C:\Windows\system32\dfsr.exe

2009-09-27 16:42:38 ----A---- C:\Windows\system32\DevicePairingWizard.exe

2009-09-27 16:42:38 ----A---- C:\Windows\system32\DevicePairing.dll

2009-09-27 16:42:38 ----A---- C:\Windows\system32\dataclen.dll

2009-09-27 16:42:35 ----A---- C:\Windows\system32\umpnpmgr.dll

2009-09-27 16:42:35 ----A---- C:\Windows\system32\drvinst.exe

2009-09-27 16:42:35 ----A---- C:\Windows\system32\cryptui.dll

2009-09-27 16:42:35 ----A---- C:\Windows\system32\cryptsvc.dll

2009-09-27 16:42:35 ----A---- C:\Windows\system32\crypt32.dll

2009-09-27 16:42:35 ----A---- C:\Windows\system32\credui.dll

2009-09-27 16:42:34 ----A---- C:\Windows\system32\rtffilt.dll

2009-09-27 16:42:34 ----A---- C:\Windows\system32\autoconv.exe

2009-09-27 16:42:33 ----A---- C:\Windows\system32\offfilt.dll

2009-09-27 16:42:33 ----A---- C:\Windows\system32\mimefilt.dll

2009-09-27 16:42:32 ----A---- C:\Windows\system32\xmlfilter.dll

2009-09-27 16:42:32 ----A---- C:\Windows\system32\nlhtml.dll

2009-09-27 16:42:32 ----A---- C:\Windows\system32\conime.exe

2009-09-27 16:42:31 ----A---- C:\Windows\system32\rpcss.dll

2009-09-27 16:42:31 ----A---- C:\Windows\system32\ole32.dll

2009-09-27 16:42:31 ----A---- C:\Windows\system32\msdtctm.dll

2009-09-27 16:42:31 ----A---- C:\Windows\system32\msdtcprx.dll

2009-09-27 16:42:31 ----A---- C:\Windows\system32\comuid.dll

2009-09-27 16:42:31 ----A---- C:\Windows\system32\comdlg32.dll

2009-09-27 16:42:31 ----A---- C:\Windows\system32\ci.dll

2009-09-27 16:42:30 ----A---- C:\Windows\system32\cipher.exe

2009-09-27 16:42:30 ----A---- C:\Windows\system32\certutil.exe

2009-09-27 16:42:30 ----A---- C:\Windows\system32\certreq.exe

2009-09-27 16:42:29 ----A---- C:\Windows\system32\diagperf.dll

2009-09-27 16:42:29 ----A---- C:\Windows\system32\certcli.dll

2009-09-27 16:42:28 ----A---- C:\Windows\system32\Query.dll

2009-09-27 16:42:28 ----A---- C:\Windows\system32\mtxclu.dll

2009-09-27 16:42:28 ----A---- C:\Windows\system32\comsvcs.dll

2009-09-27 16:42:27 ----A---- C:\Windows\system32\wshbth.dll

2009-09-27 16:42:27 ----A---- C:\Windows\system32\qmgr.dll

2009-09-27 16:42:27 ----A---- C:\Windows\system32\es.dll

2009-09-27 16:42:27 ----A---- C:\Windows\system32\certmgr.dll

2009-09-27 16:42:27 ----A---- C:\Windows\system32\bthudtask.exe

2009-09-27 16:42:27 ----A---- C:\Windows\system32\browseui.dll

2009-09-27 16:42:27 ----A---- C:\Windows\system32\brcpl.dll

2009-09-27 16:42:27 ----A---- C:\Windows\system32\bitsigd.dll

2009-09-27 16:42:27 ----A---- C:\Windows\system32\bcrypt.dll

2009-09-27 16:42:26 ----A---- C:\Windows\system32\winresume.exe

2009-09-27 16:42:25 ----A---- C:\Windows\system32\winload.exe

2009-09-27 16:42:25 ----A---- C:\Windows\system32\kd1394.dll

2009-09-27 16:42:24 ----A---- C:\Windows\system32\kdcom.dll

2009-09-27 16:42:23 ----A---- C:\Windows\system32\kdusb.dll

2009-09-27 16:42:23 ----A---- C:\Windows\system32\azroles.dll

2009-09-27 16:42:22 ----A---- C:\Windows\system32\autoplay.dll

2009-09-27 16:42:22 ----A---- C:\Windows\system32\autofmt.exe

2009-09-27 16:42:22 ----A---- C:\Windows\system32\autochk.exe

2009-09-27 16:42:22 ----A---- C:\Windows\system32\authui.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\winmm.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\SndVol.exe

2009-09-27 16:42:21 ----A---- C:\Windows\system32\mmcico.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\mmci.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\midimap.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\dsound.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\dmusic.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\dmsynth.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\audiosrv.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\AudioSes.dll

2009-09-27 16:42:21 ----A---- C:\Windows\system32\audiodg.exe

2009-09-27 16:42:21 ----A---- C:\Windows\system32\advapi32.dll

2009-09-27 16:42:20 ----A---- C:\Windows\system32\accessibilitycpl.dll

2009-09-27 16:42:19 ----A---- C:\Windows\system32\pcaui.dll

2009-09-27 16:42:19 ----A---- C:\Windows\system32\adsldpc.dll

2009-09-27 16:42:18 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll

2009-09-27 16:42:18 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll

2009-09-27 16:42:18 ----A---- C:\Windows\system32\apphelp.dll

2009-09-27 16:42:18 ----A---- C:\Windows\system32\adsmsext.dll

2009-09-27 16:42:17 ----A---- C:\Windows\system32\iscsilog.dll

2009-09-27 16:42:15 ----A---- C:\Windows\system32\fundisc.dll

2009-09-27 16:42:15 ----A---- C:\Windows\system32\fdWSD.dll

2009-09-27 16:42:15 ----A---- C:\Windows\system32\fdSSDP.dll

2009-09-27 16:42:15 ----A---- C:\Windows\system32\fdProxy.dll

2009-09-27 16:42:11 ----A---- C:\Windows\system32\dsprop.dll

2009-09-27 16:42:11 ----A---- C:\Windows\system32\DevicePairingProxy.dll

2009-09-27 16:42:10 ----A---- C:\Windows\system32\srchadmin.dll

2009-09-27 16:42:10 ----A---- C:\Windows\system32\oobefldr.dll

2009-09-27 16:21:12 ----A---- C:\Windows\system32\lsasrv.dll

2009-09-27 16:21:11 ----A---- C:\Windows\system32\wdigest.dll

2009-09-27 16:21:11 ----A---- C:\Windows\system32\msv1_0.dll

2009-09-27 16:21:11 ----A---- C:\Windows\system32\kerberos.dll

2009-09-27 16:21:10 ----A---- C:\Windows\system32\schannel.dll

2009-09-27 16:21:09 ----A---- C:\Windows\system32\secur32.dll

2009-09-27 16:21:09 ----A---- C:\Windows\system32\lsass.exe

2009-09-27 15:52:17 ----A---- C:\Windows\system32\javaws.exe

2009-09-27 15:52:17 ----A---- C:\Windows\system32\javaw.exe

2009-09-27 15:52:17 ----A---- C:\Windows\system32\java.exe

2009-09-27 15:52:17 ----A---- C:\Windows\system32\deploytk.dll

2009-09-27 15:49:59 ----D---- C:\Windows\system32\EventProviders

2009-09-25 10:55:37 ----A---- C:\Windows\system32\tzres.dll

2009-09-24 16:04:50 ----D---- C:\Program Files\Mozilla Firefox

2009-09-24 16:03:42 ----D---- C:\Program Files\CCleaner

2009-09-24 16:02:38 ----D---- C:\Program Files\Marcos Velasco Security

2009-09-24 15:32:06 ----A---- C:\Windows\system32\netiohlp.dll

2009-09-24 15:32:04 ----A---- C:\Windows\system32\TCPSVCS.EXE

2009-09-24 15:32:04 ----A---- C:\Windows\system32\ROUTE.EXE

2009-09-24 15:32:04 ----A---- C:\Windows\system32\NETSTAT.EXE

2009-09-24 15:32:04 ----A---- C:\Windows\system32\MRINFO.EXE

2009-09-24 15:32:04 ----A---- C:\Windows\system32\HOSTNAME.EXE

2009-09-24 15:32:04 ----A---- C:\Windows\system32\finger.exe

2009-09-24 15:32:04 ----A---- C:\Windows\system32\ARP.EXE

2009-09-24 15:32:03 ----A---- C:\Windows\system32\netevent.dll

2009-09-24 15:31:06 ----A---- C:\Windows\system32\atl.dll

2009-09-24 15:30:50 ----A---- C:\Windows\system32\avifil32.dll

2009-09-24 15:24:56 ----A---- C:\Windows\system32\jscript.dll

2009-09-24 15:22:14 ----A---- C:\Windows\system32\wlansvc.dll

2009-09-24 15:22:14 ----A---- C:\Windows\system32\wlansec.dll

2009-09-24 15:22:14 ----A---- C:\Windows\system32\wlanmsm.dll

2009-09-24 15:22:14 ----A---- C:\Windows\system32\wlanhlp.dll

2009-09-24 15:22:14 ----A---- C:\Windows\system32\L2SecHC.dll

2009-09-24 15:22:13 ----A---- C:\Windows\system32\wlanapi.dll

2009-09-24 15:21:55 ----A---- C:\Windows\system32\t2embed.dll

2009-09-24 15:21:55 ----A---- C:\Windows\system32\lpk.dll

2009-09-24 15:21:55 ----A---- C:\Windows\system32\fontsub.dll

2009-09-24 15:21:55 ----A---- C:\Windows\system32\dciman32.dll

2009-09-24 15:21:55 ----A---- C:\Windows\system32\atmlib.dll

2009-09-24 15:21:55 ----A---- C:\Windows\system32\atmfd.dll

2009-09-24 15:21:42 ----A---- C:\Windows\system32\WMVCORE.DLL

2009-09-24 15:21:41 ----A---- C:\Windows\system32\mf.dll

2009-09-24 15:21:40 ----A---- C:\Windows\system32\rrinstaller.exe

2009-09-24 15:21:40 ----A---- C:\Windows\system32\mfps.dll

2009-09-24 15:21:40 ----A---- C:\Windows\system32\mfpmp.exe

2009-09-24 15:21:39 ----A---- C:\Windows\system32\mferror.dll

2009-09-24 15:16:10 ----A---- C:\Windows\system32\wkssvc.dll

2009-09-24 15:16:05 ----A---- C:\Windows\system32\tsgqec.dll

2009-09-24 15:16:05 ----A---- C:\Windows\system32\mstscax.dll

2009-09-24 15:16:05 ----A---- C:\Windows\system32\aaclient.dll

2009-09-24 15:13:58 ----A---- C:\Windows\system32\mshtml.dll

2009-09-24 15:13:57 ----A---- C:\Windows\system32\iertutil.dll

2009-09-24 15:13:57 ----A---- C:\Windows\system32\ieframe.dll

2009-09-24 15:13:56 ----A---- C:\Windows\system32\wininet.dll

2009-09-24 15:13:56 ----A---- C:\Windows\system32\urlmon.dll

2009-09-24 15:13:56 ----A---- C:\Windows\system32\occache.dll

2009-09-24 15:13:56 ----A---- C:\Windows\system32\msfeeds.dll

2009-09-24 15:13:55 ----A---- C:\Windows\system32\msfeedsbs.dll

2009-09-24 15:13:55 ----A---- C:\Windows\system32\ieUnatt.exe

2009-09-24 15:13:55 ----A---- C:\Windows\system32\ieui.dll

2009-09-24 15:13:55 ----A---- C:\Windows\system32\iepeers.dll

2009-09-24 15:13:55 ----A---- C:\Windows\system32\iedkcs32.dll

2009-09-24 15:13:54 ----A---- C:\Windows\system32\msfeedssync.exe

2009-09-24 15:13:54 ----A---- C:\Windows\system32\jsproxy.dll

2009-09-24 15:13:54 ----A---- C:\Windows\system32\iesysprep.dll

2009-09-24 15:13:54 ----A---- C:\Windows\system32\iesetup.dll

2009-09-24 15:13:54 ----A---- C:\Windows\system32\iernonce.dll

2009-09-24 15:13:54 ----A---- C:\Windows\system32\ie4uinit.exe

2009-09-24 15:13:27 ----A---- C:\Windows\system32\wmp.dll

2009-09-24 15:13:23 ----A---- C:\Windows\system32\wmpdxm.dll

2009-09-24 15:13:23 ----A---- C:\Windows\system32\spwmp.dll

2009-09-24 15:13:23 ----A---- C:\Windows\system32\dxmasf.dll

2009-09-24 15:13:22 ----A---- C:\Windows\system32\wmploc.DLL

2009-09-24 15:13:06 ----A---- C:\Windows\system32\gameux.dll

2009-09-24 15:13:05 ----A---- C:\Windows\system32\Apphlpdm.dll

2009-09-24 15:13:03 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2009-09-24 08:35:56 ----A---- C:\Windows\system32\aswBoot.exe

2009-09-21 12:08:13 ----D---- C:\Users\Bruna Marcela\AppData\Roaming\Corel

2009-09-17 12:27:05 ----D---- C:\ProgramData\Google

2009-09-17 11:29:03 ----D---- C:\ProgramData\Yahoo! Companion

2009-09-16 22:49:12 ----D---- C:\Users\Bruna Marcela\AppData\Roaming\Nero

2009-09-16 22:05:45 ----D---- C:\ProgramData\Nero

2009-09-16 22:05:44 ----D---- C:\Program Files\Common Files\Nero

2009-09-16 16:08:55 ----D---- C:\Program Files\Yahoo!

2009-09-16 13:00:40 ----D---- C:\ProgramData\WindowsSearch

2009-09-16 11:57:34 ----D---- C:\Users\Bruna Marcela\AppData\Roaming\Real

2009-09-16 11:09:12 ----D---- C:\Program Files\Real

2009-09-16 11:09:10 ----D---- C:\ProgramData\Real

2009-09-16 11:09:10 ----D---- C:\Program Files\Common Files\Real

2009-09-16 11:07:47 ----D---- C:\Program Files\Google

2009-09-15 15:08:28 ----D---- C:\Users\Bruna Marcela\AppData\Roaming\Any Video Converter

2009-09-15 15:08:25 ----D---- C:\Program Files\Any Video Converter

2009-09-15 15:03:49 ----D---- C:\ProgramData\DVD Shrink

2009-09-15 09:03:28 ----D---- C:\Program Files\VDOWNLOADER

2009-09-09 22:32:29 ----D---- C:\ProgramData\Office Genuine Advantage

2009-09-08 13:21:12 ----D---- C:\Users\Bruna Marcela\AppData\Roaming\uTorrent

2009-09-07 17:33:05 ----D---- C:\ProgramData\MyVirtualHome

2009-09-07 17:33:05 ----D---- C:\Program Files\MyVirtualHome

2009-09-07 13:12:07 ----D---- C:\Program Files\DVDVideoSoft

2009-09-07 13:12:07 ----D---- C:\Program Files\Common Files\DVDVideoSoft

 

======List of files/folders modified in the last 1 months======

 

2009-10-06 12:58:36 ----D---- C:\Windows\Prefetch

2009-10-06 12:58:11 ----RD---- C:\Program Files

2009-10-06 12:56:33 ----D---- C:\Windows\System32

2009-10-06 12:56:33 ----D---- C:\Windows\inf

2009-10-06 12:56:33 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-10-06 12:52:29 ----A---- C:\ProgramData\hpqp.ini

2009-10-06 08:01:18 ----SHD---- C:\System Volume Information

2009-10-05 21:19:26 ----D---- C:\Windows\system32\catroot2

2009-10-05 21:04:09 ----D---- C:\Windows\system32\wbem

2009-10-05 21:04:09 ----D---- C:\Windows

2009-10-05 21:02:01 ----D---- C:\Windows\system32\config

2009-10-05 21:01:52 ----HD---- C:\ProgramData

2009-10-05 21:01:52 ----D---- C:\Windows\Tasks

2009-10-05 21:01:52 ----D---- C:\Windows\system32\Tasks

2009-10-05 21:01:52 ----D---- C:\Windows\system32\spool

2009-10-05 21:01:52 ----D---- C:\Windows\system32\Msdtc

2009-10-05 21:01:52 ----D---- C:\Windows\system32\CodeIntegrity

2009-10-05 21:01:52 ----D---- C:\Windows\registration

2009-10-02 18:29:15 ----D---- C:\Windows\rescache

2009-10-02 00:17:16 ----D---- C:\Windows\system32\pt-BR

2009-10-01 16:47:48 ----D---- C:\Windows\winsxs

2009-10-01 16:46:13 ----D---- C:\Windows\system32\catroot

2009-10-01 14:36:13 ----D---- C:\temp

2009-09-30 13:47:06 ----D---- C:\Setups

2009-09-30 13:28:12 ----SHD---- C:\Windows\Installer

2009-09-30 13:06:06 ----D---- C:\ProgramData\Adobe

2009-09-30 13:05:46 ----D---- C:\Program Files\Common Files\Adobe

2009-09-30 12:04:31 ----RD---- C:\Users

2009-09-30 11:51:32 ----A---- C:\Windows\lexstat.ini

2009-09-30 11:46:32 ----D---- C:\drivers

2009-09-29 23:07:46 ----D---- C:\Windows\system32\drivers

2009-09-29 23:07:44 ----SHD---- C:\$RECYCLE.BIN

2009-09-29 23:07:44 ----D---- C:\Program Files\Mx One

2009-09-29 19:08:28 ----SD---- C:\Windows\Downloaded Program Files

2009-09-29 15:48:56 ----D---- C:\Windows\AppPatch

2009-09-29 15:48:55 ----D---- C:\Program Files\Common Files

2009-09-28 18:01:15 ----D---- C:\boot

2009-09-27 17:42:38 ----D---- C:\Windows\Microsoft.NET

2009-09-27 17:42:35 ----RSD---- C:\Windows\assembly

2009-09-27 17:32:53 ----D---- C:\Program Files\Windows Calendar

2009-09-27 17:32:53 ----D---- C:\Program Files\Movie Maker

2009-09-27 17:32:52 ----D---- C:\Program Files\Windows Sidebar

2009-09-27 17:32:52 ----D---- C:\Program Files\Windows Media Player

2009-09-27 17:32:52 ----D---- C:\Program Files\Windows Mail

2009-09-27 17:32:52 ----D---- C:\Program Files\Windows Collaboration

2009-09-27 17:32:52 ----D---- C:\Program Files\Internet Explorer

2009-09-27 17:32:51 ----D---- C:\Windows\servicing

2009-09-27 17:32:51 ----D---- C:\Program Files\Windows Photo Gallery

2009-09-27 17:32:51 ----D---- C:\Program Files\Windows Defender

2009-09-27 17:32:51 ----D---- C:\Program Files\Common Files\System

2009-09-27 17:32:49 ----D---- C:\Windows\system32\XPSViewer

2009-09-27 17:32:49 ----D---- C:\Windows\system32\sk-SK

2009-09-27 17:32:49 ----D---- C:\Windows\system32\lv-LV

2009-09-27 17:32:49 ----D---- C:\Windows\system32\ko-KR

2009-09-27 17:32:49 ----D---- C:\Windows\system32\hr-HR

2009-09-27 17:32:49 ----D---- C:\Windows\system32\et-EE

2009-09-27 17:32:49 ----D---- C:\Windows\system32\en-US

2009-09-27 17:32:49 ----D---- C:\Windows\system32\da-DK

2009-09-27 17:32:49 ----D---- C:\Windows\IME

2009-09-27 17:32:48 ----D---- C:\Windows\system32\sv-SE

2009-09-27 17:32:48 ----D---- C:\Windows\system32\SLUI

2009-09-27 17:32:48 ----D---- C:\Windows\system32\setup

2009-09-27 17:32:48 ----D---- C:\Windows\system32\ru-RU

2009-09-27 17:32:48 ----D---- C:\Windows\system32\pt-PT

2009-09-27 17:32:48 ----D---- C:\Windows\system32\oobe

2009-09-27 17:32:48 ----D---- C:\Windows\system32\migration

2009-09-27 17:32:48 ----D---- C:\Windows\system32\it-IT

2009-09-27 17:32:48 ----D---- C:\Windows\system32\hu-HU

2009-09-27 17:32:48 ----D---- C:\Windows\system32\he-IL

2009-09-27 17:32:48 ----D---- C:\Windows\system32\fr-FR

2009-09-27 17:32:48 ----D---- C:\Windows\system32\fi-FI

2009-09-27 17:32:48 ----D---- C:\Windows\system32\el-GR

2009-09-27 17:32:48 ----D---- C:\Windows\system32\de-DE

2009-09-27 17:32:48 ----D---- C:\Windows\system32\cs-CZ

2009-09-27 17:32:48 ----D---- C:\Windows\system32\AdvancedInstallers

2009-09-27 17:32:47 ----D---- C:\Windows\system32\zh-TW

2009-09-27 17:32:47 ----D---- C:\Windows\system32\zh-CN

2009-09-27 17:32:47 ----D---- C:\Windows\system32\uk-UA

2009-09-27 17:32:47 ----D---- C:\Windows\system32\th-TH

2009-09-27 17:32:47 ----D---- C:\Windows\system32\sr-Latn-CS

2009-09-27 17:32:47 ----D---- C:\Windows\system32\sl-SI

2009-09-27 17:32:47 ----D---- C:\Windows\system32\ro-RO

2009-09-27 17:32:47 ----D---- C:\Windows\system32\pl-PL

2009-09-27 17:32:47 ----D---- C:\Windows\system32\manifeststore

2009-09-27 17:32:47 ----D---- C:\Windows\system32\ja-JP

2009-09-27 17:32:47 ----D---- C:\Windows\system32\es-ES

2009-09-27 17:32:47 ----D---- C:\Windows\system32\bg-BG

2009-09-27 17:32:46 ----D---- C:\Windows\system32\tr-TR

2009-09-27 17:32:46 ----D---- C:\Windows\system32\nl-NL

2009-09-27 17:32:46 ----D---- C:\Windows\system32\nb-NO

2009-09-27 17:32:46 ----D---- C:\Windows\system32\lt-LT

2009-09-27 17:32:46 ----D---- C:\Windows\system32\ar-SA

2009-09-27 17:32:45 ----D---- C:\Windows\system32\migwiz

2009-09-27 17:32:32 ----RSD---- C:\Windows\Fonts

2009-09-27 17:32:24 ----D---- C:\Windows\system32\Boot

2009-09-27 16:35:38 ----D---- C:\ProgramData\Spybot - Search & Destroy

2009-09-27 16:35:37 ----D---- C:\Windows\Debug

2009-09-27 16:21:36 ----D---- C:\Windows\system32\zh-HK

2009-09-27 15:51:59 ----D---- C:\Program Files\Java

2009-09-27 15:47:34 ----D---- C:\Windows\system32\WDI

2009-09-25 10:50:41 ----D---- C:\ProgramData\Microsoft Help

2009-09-24 18:48:39 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-09-24 15:57:02 ----SD---- C:\Users\Bruna Marcela\AppData\Roaming\Microsoft

2009-09-24 15:57:01 ----D---- C:\Program Files\Windows Installer Clean Up

2009-09-24 15:56:37 ----D---- C:\Program Files\MSECache

2009-09-24 15:45:56 ----D---- C:\Program Files\Norton Internet Security

2009-09-24 08:16:11 ----D---- C:\Windows\system32\sysprep

2009-09-24 08:16:11 ----D---- C:\Windows\system32\ras

2009-09-24 08:16:11 ----D---- C:\Windows\system

2009-09-24 08:16:08 ----RSD---- C:\Windows\Media

2009-09-24 08:16:08 ----RD---- C:\Windows\Offline Web Pages

2009-09-24 08:16:08 ----D---- C:\Windows\system32\ias

2009-09-24 08:16:08 ----D---- C:\Program Files\Common Files\Services

2009-09-24 08:16:00 ----D---- C:\Windows\system32\restore

2009-09-24 08:15:54 ----D---- C:\ProgramData\Norton

2009-09-24 08:15:51 ----RD---- C:\Program Files\Online Services

2009-09-24 08:15:50 ----D---- C:\Program Files\Microsoft Works

2009-09-24 08:15:48 ----D---- C:\Program Files\eMule

2009-09-24 08:15:48 ----D---- C:\Program Files\Common Files\Symantec Shared

2009-09-24 08:14:53 ----D---- C:\Program Files\HP

2009-09-18 08:56:37 ----D---- C:\Users\Bruna Marcela\AppData\Roaming\Skype

2009-09-18 08:56:04 ----D---- C:\Users\Bruna Marcela\AppData\Roaming\skypePM

2009-09-12 16:31:23 ----D---- C:\Users\Bruna Marcela\AppData\Roaming\HpUpdate

2009-09-08 10:39:28 ----HD---- C:\Program Files\InstallShield Installation Information

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]

R1 ccHP;Symantec Hash Provider; \??\C:\Windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2009-07-06 362544]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-07-06 371248]

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSVix86.sys [2009-07-06 289840]

R1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [2009-07-06 43696]

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-07-06 25136]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]

R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-02-05 97216]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-01-31 166448]

R3 BCM43XX;Controlador da Placa de Rede Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-06-02 1326584]

R3 CmBatt;Driver de Bateria do Método de Controle ACPI da Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]

R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]

R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]

R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-09-02 2472448]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-07-15 112128]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-07-22 123904]

R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-09-11 389120]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-07-06 124464]

R3 usbvideo;Dispositivo de vídeo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]

S1 BHDrvx86;Symantec Heuristics Driver; \??\C:\Windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2009-07-06 254512]

S1 SYMTDI;SYMTDI; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMTDI.SYS [2009-07-06 198192]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]

S3 HdAudAddService;Driver de Função Microsoft 1.1 UAA para Serviço de High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-07-21 100184]

S3 MSKSSRV;Proxy de serviço de streaming Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]

S3 MSPCLOCK;Proxy do relógio de streaming Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]

S3 MSPQM;Proxy de gerenciador de qualidade de streaming Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]

S3 MSTEE;Conversor em T entre Coletores de streaming Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]

S3 NAVENG;NAVENG; C:\Windows\system32\drivers\NAVENG.sys []

S3 NAVEX15;NAVEX15; C:\Windows\system32\drivers\NAVEX15.sys []

S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-20 2225664]

S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]

S3 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [2009-07-06 305712]

S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS [2009-07-06 12976]

S3 SYMFW;SYMFW; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMFW.SYS [2009-07-06 89904]

S3 SYMNDISV;SYMNDISV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMNDISV.SYS [2009-07-06 40496]

S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS [2009-07-06 24752]

S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe [2008-06-27 77824]

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]

R2 lxcz_device;lxcz_device; C:\Windows\system32\lxczcoms.exe [2007-04-19 537520]

R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]

R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-10-06 365952]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-06-29 241734]

R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe [2008-09-11 237650]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]

R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]

S2 .norton2009Reset;Norton 2009 Reset; C:\ProgramData\Norton\Norton2009Reset.exe [2009-07-06 281625]

S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-07-06 115560]

S3 fsssvc;Windows Live Proteção para a Família; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-20 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

 

-----------------EOF-----------------

 

 

 

INFO.TXT :

 

info.txt logfile of random's system information tool 1.06 2009-10-06 12:58:47

 

======Uninstall list======

 

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.1.3 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A91000000001}

Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}

Agere Systems HDA Modem-->agrsmdel

AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

Arquivo do WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {717C9095-8AAE-41CB-B046-BD6E8399F4F3}

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {5016CB22-B9A7-44FB-AA72-AF28B27B15EA}

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}

Atualização do produto Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {7297E3A9-FCD4-4E0E-A306-7A90359E50E3}

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"

Corel Paint Shop Pro Photo XI-->MsiExec.exe /X{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}

CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall

CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

eMule-->"C:\Program Files\eMule\Uninstall.exe"

ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly

HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}

HP DVD Play 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall

HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}

HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{45A136EC-88BF-4B95-99F5-C45D3930E1CC}

HP Quick Launch Buttons 6.40 H2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0416 uninst

HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}

HP User Guides 0125-->MsiExec.exe /X{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}

HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}

HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}

HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{846DDADA-0239-4B67-A6B1-33658863793B}\setup.exe" -l0x9 -removeonly

IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x416 -remove -removeonly

Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg

LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall

Lexmark 1200 Series-->C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe

LightScribe Applications-->MsiExec.exe /X{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}

LightScribe System Software-->MsiExec.exe /X{82EF29B1-9B60-4142-A155-0599216DD053}

McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - ptb-->MsiExec.exe /I{1438B41C-658C-35B7-9253-780F2E0A0B8E}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))-->MsiExec.exe /X{95120000-00AF-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {75EBE365-7FC5-4720-A7D3-804BF550D1BC}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works-->MsiExec.exe /I{EE5B6291-45EF-4705-A20E-89A3C5D2F87E}

Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}

Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

muvee Reveal-->MsiExec.exe /X{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}

MV RegClean 5.9-->"C:\Program Files\Marcos Velasco Security\MV RegClean 5.9\unins000.exe"

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

Pacote de Compatibilidade para o sistema Office 2007-->MsiExec.exe /X{90120000-0020-0416-0000-0000000FF1CE}

Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb\setup.exe

PDF2Office v4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD63AC-C256-4237-A6C9-D166CF456422}\setup.exe" -l0x9 -removeonly

Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall

Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0416 -removeonly

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}

Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0416 -removeonly

Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}

Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}

USB FireWall 1.1.3-->"C:\Program Files\InstallShield Installation Information\{E12683F4-89CF-4C10-BB15-013B415AA03A}\setup.exe" -runfromtemp -l0x0416 -removeonly

Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_8f2fc366\enecir.inf

Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}

Windows Live Galeria de Fotos-->MsiExec.exe /X{50D918C3-1FAD-4BE0-89D1-7B7AAA2AF710}

Windows Live Mail-->MsiExec.exe /I{852E74A9-74F1-4F71-BE3E-991A48EF232D}

Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}

Windows Live Movie Maker Beta-->MsiExec.exe /X{1C3B405E-BC69-485A-BD98-28796D5A33C4}

Windows Live Proteção para a Família-->MsiExec.exe /X{BA9A33CA-8ADF-4263-B2F4-B611245A37FF}

Windows Live Sync-->MsiExec.exe /X{D7A88CAC-67C3-4435-898E-2B7245F3E4BB}

Windows Live Toolbar-->MsiExec.exe /X{624DEAA0-B27D-444B-8BFE-70622B318A4A}

Windows Live Writer-->MsiExec.exe /X{32EF3D9D-B626-497C-8E93-EC4B24E20EDA}

 

======Security center information======

 

AS: Spybot - Search and Destroy (disabled) (outdated)

AS: Windows Defender

 

======System event log======

 

Computer Name: Casa

Event Code: 4001

Message: Serviço de Configuração Automática de WLAN interrompido com êxito.

 

Record Number: 25458

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20090722042839.201000-000

Event Type: Aviso

User: AUTORIDADE NT\SYSTEM

 

Computer Name: Casa

Event Code: 10002

Message: Módulo de Extensibilidade de WLAN interrompido.

 

Caminho do Módulo: C:\Windows\System32\bcmihvsrv.dll

 

Record Number: 25457

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20090722042839.201000-000

Event Type: Aviso

User: AUTORIDADE NT\SYSTEM

 

Computer Name: Casa

Event Code: 6013

Message: O tempo de ativação do sistema é 32 segundos.

Record Number: 25456

Source Name: EventLog

Time Written: 20090722153251.000000-000

Event Type: Informações

User:

 

Computer Name: Casa

Event Code: 6005

Message: O serviço Log de eventos foi iniciado.

Record Number: 25455

Source Name: EventLog

Time Written: 20090722153251.000000-000

Event Type: Informações

User:

 

Computer Name: Casa

Event Code: 6009

Message: Microsoft ® Windows ® 6.00. 6001 Service Pack 1 Multiprocessor Free.

Record Number: 25454

Source Name: EventLog

Time Written: 20090722153251.000000-000

Event Type: Informações

User:

 

=====Application event log=====

 

Computer Name: Casa

Event Code: 0

Message: Requires:C:\Program Files\Hewlett-Packard\HP TCS

Record Number: 197

Source Name: HP Total Care Setup Updater

Time Written: 20090702193849.000000-000

Event Type: Informações

User:

 

Computer Name: Casa

Event Code: 0

Message: Expanded Env:CORESYSTEMPATH

Record Number: 196

Source Name: HP Total Care Setup Updater

Time Written: 20090702193849.000000-000

Event Type: Informações

User:

 

Computer Name: Casa

Event Code: 0

Message: Current:C:\ProgramData\Hewlett-Packard\HP TCS

Record Number: 195

Source Name: HP Total Care Setup Updater

Time Written: 20090702193849.000000-000

Event Type: Informações

User:

 

Computer Name: Casa

Event Code: 0

Message: Requires:C:\ProgramData\Hewlett-Packard\HP TCS

Record Number: 194

Source Name: HP Total Care Setup Updater

Time Written: 20090702193849.000000-000

Event Type: Informações

User:

 

Computer Name: Casa

Event Code: 0

Message: Expanded Env:COREALLUSERPATH

Record Number: 193

Source Name: HP Total Care Setup Updater

Time Written: 20090702193849.000000-000

Event Type: Informações

User:

 

=====Security event log=====

 

Computer Name: Casa

Event Code: 4624

Message: O logon de uma conta foi efetuado com sucesso.

 

Requerente:

Identificação de segurança: S-1-5-18

Nome da conta: WIN-PYV6C2TQ8UT$

Domínio da conta: WORKGROUP

Identificação de logon: 0x3e7

 

Tipo de logon: 2

 

Novo logon:

Identificação de segurança: S-1-5-21-3375890411-3288990355-2692903690-1001

Nome da conta: Caio César

Domínio da conta: Casa

Identificação de logon: 0x1e79b8

GUID de logon: {00000000-0000-0000-0000-000000000000}

 

Informações do processo:

Identificação do processo: 0x65c

Nome do processo: C:\Windows\System32\winlogon.exe

 

Informações da rede:

Nome da estação de trabalho: WIN-PYV6C2TQ8UT

Endereço da rede de origem: 127.0.0.1

Porta de origem: 0

 

Informações detalhadas da autenticação:

Processo de logon: User32

Pacote de autenticação: Negotiate

Serviços transitados: -

Nome do pacote (somente NTLM): -

Comprimento da chave: 0

 

Este evento é gerado quando uma sessão de logon é criada. Ele é gerado no computador acessado.

 

Os campos do assunto indicam a conta do sistema local que solicitou o logon. Comumente, isto é um serviço como o de servidor ou um processo local como Winlogon.exe ou Services.exe.

 

O campo tipo de logon indica o tipo de logon ocorrido. Os tipos mais comuns são 2 (interativo) e 3 (em rede).

 

Os campos Novo logon indicam as contas para a qual o novo logon foi criada, isto é, a conta na qual o logon foi efetuado.

 

Os campos de rede indicam onde a solicitação de logon remoto se originou. O nome da estação de trabalho nem sempre está disponível e pode ser deixado em branco em alguns casos.

 

Os campos de informações de autenticação fornecem informações detalhadas sobre esta solicitação específica de logon.

-O GUID de logon é um identificador exclusivo que pode ser usado para correlacionar este evento com um evento de KDC.

- Serviços transitados indicam qual serviço intermediário participou desta solicitação de logon.

- Nome de pacote indica qual subprotocolo foi usado, entre os protocolos NTLM.

- Comprimento da chave indica o comprimento da chave da sessão gerada. Ele será 0 se nenhuma chave de sessão foi solicitada.

Record Number: 1053

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090702194843.024770-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: Casa

Event Code: 4648

Message: Tentativa de logon com uso de credenciais explícitas.

 

Requerente:

Identificação de segurança: S-1-5-18

Nome da conta: WIN-PYV6C2TQ8UT$

Domínio da conta: WORKGROUP

Identificação de logon: 0x3e7

Identificação de logon: {00000000-0000-0000-0000-000000000000}

 

Conta cujas credenciais foram utilizadas:

Nome da conta: Caio César

Domínio da conta: Casa

GUID de logon: {00000000-0000-0000-0000-000000000000}

 

Servidor de destino:

Nome do servidor de destino: localhost

Informações adicionais: localhost

 

Informações do processo:

Identificação do processo: 0x65c

Nome do processo: C:\Windows\System32\winlogon.exe

 

Informações da rede:

Endereço da rede: 127.0.0.1

Porta: 0

 

Este evento é gerado quando um processo tenta efetuar o logon em uma conta, especificando explicitamente suas credenciais. Comumente, ele ocorre em configurações do tipo lote como em tarefas programadas, ou quando se utiliza o comando RUNAS.

Record Number: 1052

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090702194843.024770-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: Casa

Event Code: 4905

Message: Tentativa de remover o registro de uma origem de evento de segurança.

 

Assunto

Identificação de segurança: S-1-5-18

Nome da conta: WIN-PYV6C2TQ8UT$

Domínio da conta: WORKGROUP

Identificação de logon: 0x3e7

 

Processo:

Identificação do processo: 0xe1c

Nome do processo: C:\Windows\System32\VSSVC.exe

 

Origem do evento:

Nome da origem: VSSAudit

Identificação da origem do evento: 0xc3a43

Record Number: 1051

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090702193845.610970-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: Casa

Event Code: 4904

Message: Tentativa de registrar uma origem de evento de segurança.

 

Requerente:

Identificação de segurança: S-1-5-18

Nome da conta: WIN-PYV6C2TQ8UT$

Domínio da conta: WORKGROUP

Identificação de logon: 0x3e7

 

Processo:

Identificação do processo: 0xe1c

Nome do processo: C:\Windows\System32\VSSVC.exe

 

Origem do evento:

Nome da origem: VSSAudit

Identificação da origem do evento: 0xc3a43

Record Number: 1050

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090702193845.610970-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: Casa

Event Code: 1102

Message: O log de auditoria foi apagado.

Requerente:

ID de segurança: S-1-5-21-3375890411-3288990355-2692903690-1000

Nome da conta: Bruna Marcela

Nome do domínio: Casa

ID de logon: 0x50361

Record Number: 1049

Source Name: Microsoft-Windows-Eventlog

Time Written: 20090702193838.466170-000

Event Type: Sucesso da Auditoria

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"OnlineServices"=Online Services

"Platform"=MCD

"PCBRAND"=Presario

 

-----------------EOF-----------------

 

Oh! I also can no longer enable autorun for devices. I have even tried following a registry key tutorial.

I would be grateful if you could help me!!!


Using the Internet Explorer browser, go to the ESET Online Scanner (http://www.eset.com/onlinescan/) and run a scan on the site as shown in the image below:

[Image: 75708734.gif]

When it finishes, a log will be at: C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt.

Post it here.

 

Oh! I also can no longer enable autorun for devices. I have even tried following a registry key tutorial.

I would be grateful if you could help me!!!

Try this:

- Download AutoFix (http://download.microsoft.com/download/2/3/2/2326455e-a840-4c61-bc28-3afa1820b240/AutoFix.exe) and save it to the desktop;

- Double-click the tool to run it. Click Next on the first screen; on the second, check that there is an OK next to both options and click Next.

[Image: imagemjj6.jpg]

- If either one is missing the OK, click the Repair button next to it.

- On the next screen, select the drive to be repaired by the tool and click Next.

- In the next window, check again that there is an OK next to the options and click Next.

- After you click Next, the tool will try to repair the problem.

- Click the Repair button if anything is found, then click Next and Finish.

- Restart your computer and see whether autorun is back to normal.

NOTE: If the problem is happening on another drive, follow the same procedure but select that drive as the one to be repaired. After that, restart the computer again.


AS FOR THE LOG, ONLY THIS APPEARS:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

AS FOR AUTO FIX:

After clicking Next, past the screen where the devices show OK, when I tell it to repair, the program throws an error and closes by itself. I tried more than 10 times!

What do I do?


AS FOR THE LOG, ONLY THIS APPEARS:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

This is not the report.

AS FOR AUTO FIX:

After clicking Next, past the screen where the devices show OK, when I tell it to repair, the program throws an error and closes by itself. I tried more than 10 times!

What do I do?

Try running it in safe mode.

If that still does not solve it, try this as well:

Start > Run > gpedit.msc > OK. Navigate through the keys: Computer Configuration\Administrative Templates\System. On the right-hand side, double-click Turn off Autoplay. Check whether the selected option is "Not Configured" or "Disabled".


As for AUTO FIX:

 

AutoFix [V5.2.3790.67]

Time [2009-11-09 22:57:12]

Microsoft Windows Version [6.0 (Service Pack 2) <6002>]

 

Test [The Shell Hardware Detection service is running.] - Instance [N/A]:

Result [AutoStart Setting]: OK

Result [The Shell Hardware Detection service is running.]: Problems

>> Repair << [The Shell Hardware Detection service is running.]

Step: Starting the Shell Hardware Detection service.

Result: The wizard ran into problems while trying to start the Shell Hardware Detection service.

 

>> Required action: The wizard found problems but cannot fix them -> None

 

 

THE SECOND PROCEDURE, WITH GPEDIT.MSC, DOES NOT WORK, MAYBE BECAUSE MY WINDOWS IS VISTA HOME BASIC. GPEDIT DOES NOT EVEN OPEN. SO NOW, WHAT IS THE PROCEDURE TO ENABLE AUTORUN, AND WHERE DO I FIND THE ESET SCANNER LOG?
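Because gpedit.msc is not included in Vista Home Basic, the setting from the gpedit step can instead be read from the registry value that policy writes (NoDriveTypeAutoRun), and the service named in the AutoFix log can be queried directly. The PowerShell below is an added example, not part of the original thread; it only reads state, and it assumes Windows PowerShell is installed (an optional download on Vista).

```powershell
# Added example: read-only check, changes nothing on the system.
# A set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
$driveTypeBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive type' },
    @{ Bit = 0x04; Name = 'Removable (pen drive, memory card)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network drive' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Reserved/unknown' }
)

function Get-AutoRunPolicy {
    param([string]$Hive)   # 'HKLM' = computer policy, 'HKCU' = user policy
    $key = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.NoDriveTypeAutoRun) {
        "${Hive}: NoDriveTypeAutoRun is not set (no policy value present)"
        return
    }
    # Normally REG_DWORD; some systems store it as REG_BINARY (byte array).
    $raw = $props.NoDriveTypeAutoRun
    if ($raw -is [byte[]]) { $mask = [int]$raw[0] } else { $mask = [int]$raw }
    "{0}: NoDriveTypeAutoRun = 0x{1:X2}" -f $Hive, $mask
    foreach ($t in $driveTypeBits) {
        if ($mask -band $t.Bit) { "    AutoRun disabled for: $($t.Name)" }
    }
}

function Get-ShellHWDetectionState {
    # WMI is used because it reports the start mode (Auto/Manual/Disabled) as well.
    $svc = Get-WmiObject Win32_Service -Filter "Name='ShellHWDetection'"
    if (-not $svc) { "ShellHWDetection: service is not registered"; return }
    "ShellHWDetection: State={0}, StartMode={1}" -f $svc.State, $svc.StartMode
    # The service cannot start while a service it depends on is stopped.
    foreach ($dep in (Get-Service -Name ShellHWDetection).ServicesDependedOn) {
        "    depends on {0}: {1}" -f $dep.Name, $dep.Status
    }
}

Get-AutoRunPolicy -Hive 'HKLM'
Get-AutoRunPolicy -Hive 'HKCU'
Get-ShellHWDetectionState
```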


Sorry for the delay!

My workload caught up with me. I work, I am doing a postgraduate degree and a specialization, and I do not live in Brazil. I cannot be answering at any hour on any day.

Your autorun problem is not related to a virus. To try to solve it, open a topic in the Windows area of this forum.

The ESET log is in the folder I told you about earlier: C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt. But never mind...

Run a scan with Kaspersky (http://www.kaspersky.com.br/virusscanner/) following the tutorial below and post the final report (as described in the tutorial).

http://www.linhadefensiva.org/forum/index.php?showtopic=74159


Topic Archived

Because the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
