Archived

This topic has been archived and is closed to new replies.

Cecilia Novato

[Archived] Log Analysis

Good evening!

My PC was already quite slow, so it was formatted and Windows 7 was installed... but it didn't help at all... actually I think it's even slower...

Here is the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:42, on 1/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\FixCamera.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\vsnp325.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lexmark 1200 Series\lxczbmon.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\OBjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Arquivos de programas\Wisdom-soft\tbWis1.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Arquivos de programas\Wisdom-soft\tbWis1.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Arquivos de programas\Wisdom-soft\tbWis1.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://games.bigfishgames.com/en_fashion-dash/online/fashiondashweb.1.0.0.21.cab

O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} (CPlayFirstDairyDashWControl Object) - http://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7331D146-5231-4A08-A520-E21FEDD139CC}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll (file missing)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 14188 bytes

 

 

Thank you!!


Hello, Cecilia Novato!

The HijackThis version you used is outdated. Please follow the steps below.

* Go to Start > Settings > Control Panel > Add or Remove Programs > Uninstall HijackThis 2.0.2

* Download RSIT (http://images.malwareremoval.com/random/RSIT.exe) and save it to the desktop

* Run RSIT and click [Continue]

* When the process finishes, paste the reports created in C:\rsit\log.txt and C:\rsit\info.txt

Awaiting your reply!


Good morning!

Here is the 1st log:

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Ceci_Sa at 2010-10-08 12:22:14

Microsoft Windows 7 Ultimate

System drive C: has 13 GB (18%) free of 76 GB

Total RAM: 960 MB (7% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:22:46, on 08/10/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG10\avgui.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Ceci_Sa\Desktop\RSIT.EXE

C:\Program Files\trend micro\Ceci_Sa.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Gerenciador do Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

 

--

End of file - 6063 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-10-05 341600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-09-16 2890592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23 393600]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-05 30192]

"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-05 202256]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2010-10-08 12:19:41 ----D---- C:\Program Files\trend micro

2010-10-08 12:19:37 ----D---- C:\rsit

2010-10-07 21:34:02 ----D---- C:\ProgramData\Office Genuine Advantage

2010-10-07 21:09:39 ----A---- C:\Windows\system32\MRT.exe

2010-10-07 21:07:36 ----A---- C:\Windows\system32\iertutil.dll

2010-10-07 15:29:50 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\PhotoFiltre Studio X

2010-10-07 15:28:47 ----D---- C:\Program Files\PhotoFiltre Studio X

2010-10-07 10:16:34 ----A---- C:\Windows\system32\msv1_0.dll

2010-10-07 10:15:45 ----A---- C:\Windows\system32\PresentationHostProxy.dll

2010-10-07 10:15:45 ----A---- C:\Windows\system32\PresentationHost.exe

2010-10-07 10:15:45 ----A---- C:\Windows\system32\netfxperf.dll

2010-10-07 10:15:45 ----A---- C:\Windows\system32\mscoree.dll

2010-10-07 10:15:45 ----A---- C:\Windows\system32\dfshim.dll

2010-10-07 09:52:07 ----D---- C:\Windows\system32\Wat

2010-10-06 23:02:58 ----A---- C:\Windows\system32\drivers\ks.sys

2010-10-06 11:44:04 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys

2010-10-06 11:44:04 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys

2010-10-06 11:44:04 ----A---- C:\Windows\system32\drivers\mrxsmb.sys

2010-10-06 11:44:03 ----A---- C:\Windows\system32\drivers\tcpip.sys

2010-10-06 11:43:50 ----A---- C:\Windows\system32\drivers\fvevol.sys

2010-10-06 11:43:49 ----A---- C:\Windows\system32\spoolsv.exe

2010-10-06 11:43:19 ----A---- C:\Windows\system32\winlogon.exe

2010-10-06 11:43:19 ----A---- C:\Windows\system32\ir32_32.dll

2010-10-06 11:43:19 ----A---- C:\Windows\system32\iccvid.dll

2010-10-06 11:43:19 ----A---- C:\Windows\explorer.exe

2010-10-06 11:43:18 ----A---- C:\Windows\system32\msasn1.dll

2010-10-06 11:43:16 ----A---- C:\Windows\system32\tzres.dll

2010-10-06 11:43:04 ----A---- C:\Windows\system32\lsasrv.dll

2010-10-06 11:43:04 ----A---- C:\Windows\system32\drivers\ksecpkg.sys

2010-10-06 11:42:56 ----A---- C:\Windows\system32\rtutils.dll

2010-10-06 11:42:55 ----A---- C:\Windows\system32\inetcomm.dll

2010-10-06 11:42:53 ----A---- C:\Windows\system32\msxml3.dll

2010-10-06 11:42:51 ----A---- C:\Windows\system32\ntdll.dll

2010-10-06 11:42:39 ----A---- C:\Windows\system32\wmp.dll

2010-10-06 11:42:37 ----A---- C:\Windows\system32\winload.exe

2010-10-06 11:42:37 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys

2010-10-06 11:42:37 ----A---- C:\Windows\system32\CertEnroll.dll

2010-10-06 11:42:36 ----A---- C:\Windows\system32\wmploc.DLL

2010-10-06 11:42:36 ----A---- C:\Windows\system32\winresume.exe

2010-10-06 11:42:06 ----A---- C:\Windows\system32\asycfilt.dll

2010-10-06 11:42:05 ----A---- C:\Windows\system32\drivers\srvnet.sys

2010-10-06 11:42:05 ----A---- C:\Windows\system32\drivers\srv2.sys

2010-10-06 11:42:05 ----A---- C:\Windows\system32\drivers\srv.sys

2010-10-06 11:42:03 ----A---- C:\Windows\system32\msdri.dll

2010-10-06 11:42:03 ----A---- C:\Windows\system32\CPFilters.dll

2010-10-06 11:42:02 ----A---- C:\Windows\system32\psisdecd.dll

2010-10-06 11:41:55 ----A---- C:\Windows\system32\jscript.dll

2010-10-06 11:41:54 ----A---- C:\Windows\system32\t2embed.dll

2010-10-06 11:41:51 ----A---- C:\Windows\system32\kernel32.dll

2010-10-06 11:41:50 ----A---- C:\Windows\system32\apphelp.dll

2010-10-06 11:41:48 ----A---- C:\Windows\system32\tsbyuv.dll

2010-10-06 11:41:48 ----A---- C:\Windows\system32\quartz.dll

2010-10-06 11:41:48 ----A---- C:\Windows\system32\msyuv.dll

2010-10-06 11:41:48 ----A---- C:\Windows\system32\msvidc32.dll

2010-10-06 11:41:48 ----A---- C:\Windows\system32\msrle32.dll

2010-10-06 11:41:48 ----A---- C:\Windows\system32\mciavi32.dll

2010-10-06 11:41:48 ----A---- C:\Windows\system32\iyuv_32.dll

2010-10-06 11:41:48 ----A---- C:\Windows\system32\avifil32.dll

2010-10-06 11:41:46 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-10-06 11:41:46 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-10-06 11:41:41 ----A---- C:\Windows\system32\mshtml.dll

2010-10-06 11:41:40 ----A---- C:\Windows\system32\ieframe.dll

2010-10-06 11:41:39 ----A---- C:\Windows\system32\urlmon.dll

2010-10-06 11:41:39 ----A---- C:\Windows\system32\mstime.dll

2010-10-06 11:41:38 ----A---- C:\Windows\system32\wininet.dll

2010-10-06 11:41:38 ----A---- C:\Windows\system32\msfeedsbs.dll

2010-10-06 11:41:38 ----A---- C:\Windows\system32\jsproxy.dll

2010-10-06 11:41:38 ----A---- C:\Windows\system32\ieui.dll

2010-10-06 11:41:38 ----A---- C:\Windows\system32\iepeers.dll

2010-10-06 11:41:38 ----A---- C:\Windows\system32\iedkcs32.dll

2010-10-06 11:41:37 ----A---- C:\Windows\system32\msfeedssync.exe

2010-10-06 11:41:33 ----A---- C:\Windows\system32\shell32.dll

2010-10-06 11:41:31 ----A---- C:\Windows\system32\vbscript.dll

2010-10-06 11:41:30 ----A---- C:\Windows\system32\secproc_isv.dll

2010-10-06 11:41:30 ----A---- C:\Windows\system32\secproc.dll

2010-10-06 11:41:29 ----A---- C:\Windows\system32\secproc_ssp_isv.dll

2010-10-06 11:41:29 ----A---- C:\Windows\system32\secproc_ssp.dll

2010-10-06 11:41:29 ----A---- C:\Windows\system32\RMActivate_isv.exe

2010-10-06 11:41:29 ----A---- C:\Windows\system32\RMActivate.exe

2010-10-06 11:41:28 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe

2010-10-06 11:41:28 ----A---- C:\Windows\system32\RMActivate_ssp.exe

2010-10-06 11:41:26 ----A---- C:\Windows\system32\schannel.dll

2010-10-06 11:39:30 ----A---- C:\Windows\system32\win32k.sys

2010-10-06 11:37:42 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\Windows Live Writer

2010-10-06 11:31:38 ----A---- C:\Windows\system32\fontsub.dll

2010-10-06 11:31:38 ----A---- C:\Windows\system32\atmlib.dll

2010-10-06 11:31:38 ----A---- C:\Windows\system32\atmfd.dll

2010-10-06 00:14:50 ----D---- C:\Windows\Panther

2010-10-06 00:13:34 ----D---- C:\Windows\pt-BR

2010-10-06 00:13:33 ----D---- C:\Windows\system32\XPSViewer

2010-10-06 00:13:32 ----D---- C:\Windows\system32\drivers\pt-BR

2010-10-06 00:03:30 ----D---- C:\Windows.old

2010-10-05 23:50:39 ----D---- C:\ProgramData\Adobe

2010-10-05 23:50:21 ----D---- C:\Program Files\Common Files\Adobe

2010-10-05 23:50:21 ----D---- C:\Program Files\Adobe

2010-10-05 23:46:08 ----D---- C:\ProgramData\McAfee

2010-10-05 23:33:17 ----A---- C:\Windows\system32\drivers\fssfltr.sys

2010-10-05 23:33:15 ----DC---- C:\Windows\system32\DRVSTORE

2010-10-05 23:31:25 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

2010-10-05 23:24:15 ----D---- C:\Program Files\Windows Live

2010-10-05 23:22:48 ----D---- C:\Program Files\Microsoft

2010-10-05 23:21:21 ----A---- C:\Windows\system32\XAudio2_5.dll

2010-10-05 23:21:21 ----A---- C:\Windows\system32\XAPOFX1_3.dll

2010-10-05 23:21:18 ----A---- C:\Windows\system32\d3dx10_42.dll

2010-10-05 23:18:54 ----A---- C:\Windows\system32\d3dx9_32.dll

2010-10-05 23:15:03 ----D---- C:\Program Files\Microsoft Silverlight

2010-10-05 23:13:31 ----A---- C:\Windows\system32\UIRibbon.dll

2010-10-05 23:13:30 ----A---- C:\Windows\system32\UIRibbonRes.dll

2010-10-05 23:09:51 ----D---- C:\Program Files\Common Files\Windows Live

2010-10-05 22:54:20 ----A---- C:\Windows\system32\rmoc3260.dll

2010-10-05 22:53:37 ----A---- C:\Windows\system32\pndx5032.dll

2010-10-05 22:53:37 ----A---- C:\Windows\system32\pndx5016.dll

2010-10-05 22:53:07 ----D---- C:\Program Files\Common Files\xing shared

2010-10-05 22:52:48 ----A---- C:\Windows\system32\msonpmon.dll

2010-10-05 22:50:27 ----A---- C:\Windows\system32\pncrt.dll

2010-10-05 22:50:27 ----A---- C:\Windows\system32\msvcr71.dll

2010-10-05 22:50:27 ----A---- C:\Windows\system32\msvcp71.dll

2010-10-05 22:50:24 ----D---- C:\Program Files\Real

2010-10-05 22:50:17 ----D---- C:\Program Files\Common Files\Real

2010-10-05 22:50:14 ----D---- C:\ProgramData\Real

2010-10-05 22:50:03 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\Real

2010-10-05 22:45:14 ----D---- C:\Program Files\Microsoft Works

2010-10-05 22:42:46 ----D---- C:\Program Files\Microsoft Visual Studio

2010-10-05 22:42:46 ----D---- C:\Program Files\Common Files\DESIGNER

2010-10-05 22:40:26 ----D---- C:\Windows\PCHEALTH

2010-10-05 22:40:25 ----D---- C:\Program Files\Microsoft.NET

2010-10-05 22:37:10 ----D---- C:\Program Files\Microsoft Visual Studio 8

2010-10-05 22:35:12 ----D---- C:\Program Files\Microsoft Office

2010-10-05 22:35:05 ----D---- C:\ProgramData\Microsoft Help

2010-10-05 22:23:50 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\WinRAR

2010-10-05 20:39:58 ----D---- C:\Program Files\WinRAR

2010-10-05 20:36:37 ----D---- C:\Program Files\HP-12C Financial Emulator

2010-10-05 20:35:55 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\AVG10

2010-10-05 20:28:24 ----HD---- C:\ProgramData\Common Files

2010-10-05 20:26:52 ----D---- C:\Windows\system32\drivers\AVG

2010-10-05 20:26:52 ----D---- C:\ProgramData\AVG10

2010-10-05 20:26:33 ----A---- C:\Windows\uninst.exe

2010-10-05 20:26:00 ----D---- C:\Program Files\AVG

2010-10-05 20:10:37 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\Macromedia

2010-10-05 20:10:37 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\Adobe

2010-10-05 20:04:57 ----SHD---- C:\Windows\Installer

2010-10-05 20:04:04 ----D---- C:\Windows\system32\Macromed

2010-10-05 20:03:59 ----D---- C:\ProgramData\MFAData

2010-10-05 19:57:33 ----D---- C:\Program Files\Google

2010-10-05 19:56:25 ----D---- C:\ProgramData\Google

2010-10-05 19:54:39 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\Mozilla

2010-10-05 19:54:32 ----D---- C:\Program Files\Mozilla Firefox

2010-10-05 19:53:27 ----N---- C:\Windows\system32\MpSigStub.exe

2010-10-05 19:47:09 ----A---- C:\Windows\system32\wintrust.dll

2010-10-05 19:47:09 ----A---- C:\Windows\system32\cabview.dll

2010-10-05 19:45:31 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\Identities

2010-10-05 19:45:19 ----SD---- C:\Users\Ceci_Sa\AppData\Roaming\Microsoft

2010-10-05 19:45:19 ----D---- C:\Users\Ceci_Sa\AppData\Roaming\Media Center Programs

2010-10-05 19:45:03 ----SHD---- C:\Recovery

2010-10-05 19:45:02 ----SHD---- C:\ProgramData\Modelos

2010-10-05 19:45:02 ----SHD---- C:\ProgramData\Menu Iniciar

2010-10-05 19:45:02 ----SHD---- C:\ProgramData\Favoritos

2010-10-05 19:45:02 ----SHD---- C:\ProgramData\Documentos

2010-10-05 19:45:02 ----SHD---- C:\ProgramData\Dados de aplicativos

2010-10-05 19:45:02 ----SHD---- C:\Program Files\Common Files\Sistema

2010-10-05 19:45:02 ----SHD---- C:\Program Files\Arquivos Comuns

2010-10-05 19:38:53 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-10-05 19:19:40 ----D---- C:\Windows\SoftwareDistribution

2010-10-05 19:16:38 ----D---- C:\Windows\Prefetch

2010-10-05 19:15:58 ----ASH---- C:\hiberfil.sys

2010-10-05 18:57:46 ----RASH---- C:\BOOTSECT.BAK

2010-10-05 18:57:37 ----SHD---- C:\Boot

2010-09-23 00:47:28 ----A---- C:\Windows\system32\sirenacm.dll

2010-09-21 14:03:14 ----A---- C:\Windows\system32\LIVESSP.DLL

2010-09-15 20:14:22 ----D---- C:\f6fde338e27b7b8f570f9015c8ab83

2010-09-13 16:27:54 ----A---- C:\Windows\system32\drivers\AVGIDSEH.sys

 

======List of files/folders modified in the last 1 months======

 

2010-10-08 12:22:20 ----D---- C:\Windows\Temp

2010-10-08 12:21:21 ----D---- C:\Windows\system32\config

2010-10-08 12:19:41 ----RD---- C:\Program Files

2010-10-08 12:18:18 ----D---- C:\Windows

2010-10-08 12:16:03 ----D---- C:\Windows\system32\Tasks

2010-10-08 12:15:41 ----D---- C:\Config.Msi

2010-10-08 11:20:06 ----D---- C:\Windows\System32

2010-10-07 22:15:02 ----SHD---- C:\System Volume Information

2010-10-07 22:14:16 ----D---- C:\Windows\rescache

2010-10-07 22:09:46 ----D---- C:\Windows\Logs

2010-10-07 21:34:02 ----HD---- C:\ProgramData

2010-10-07 21:33:19 ----D---- C:\Windows\winsxs

2010-10-07 21:15:22 ----D---- C:\Windows\system32\zh-TW

2010-10-07 21:15:22 ----D---- C:\Windows\system32\zh-HK

2010-10-07 21:15:22 ----D---- C:\Windows\system32\tr-TR

2010-10-07 21:15:22 ----D---- C:\Windows\system32\sv-SE

2010-10-07 21:15:22 ----D---- C:\Windows\system32\pt-BR

2010-10-07 21:15:22 ----D---- C:\Windows\system32\nl-NL

2010-10-07 21:15:22 ----D---- C:\Windows\system32\nb-NO

2010-10-07 21:15:22 ----D---- C:\Windows\system32\ko-KR

2010-10-07 21:15:22 ----D---- C:\Windows\system32\it-IT

2010-10-07 21:15:22 ----D---- C:\Windows\system32\he-IL

2010-10-07 21:15:22 ----D---- C:\Windows\system32\fr-FR

2010-10-07 21:15:22 ----D---- C:\Windows\system32\fi-FI

2010-10-07 21:15:22 ----D---- C:\Windows\system32\es-ES

2010-10-07 21:15:22 ----D---- C:\Windows\system32\en-US

2010-10-07 21:15:22 ----D---- C:\Windows\system32\el-GR

2010-10-07 21:15:22 ----D---- C:\Windows\system32\de-DE

2010-10-07 21:15:22 ----D---- C:\Windows\system32\da-DK

2010-10-07 21:15:22 ----D---- C:\Windows\system32\ar-SA

2010-10-07 21:14:50 ----RSD---- C:\Windows\assembly

2010-10-07 21:09:42 ----D---- C:\Windows\debug

2010-10-07 21:07:46 ----D---- C:\Windows\system32\catroot

2010-10-07 19:35:12 ----D---- C:\Windows\Microsoft.NET

2010-10-07 15:08:05 ----D---- C:\Windows\inf

2010-10-07 10:29:27 ----D---- C:\Windows\system32\drivers

2010-10-07 10:29:24 ----D---- C:\Windows\AppPatch

2010-10-07 10:29:24 ----D---- C:\Program Files\Windows Mail

2010-10-07 10:29:23 ----D---- C:\Windows\system32\Boot

2010-10-07 10:29:23 ----D---- C:\Program Files\Windows Media Player

2010-10-07 10:29:22 ----D---- C:\Windows\ehome

2010-10-07 09:52:10 ----D---- C:\Windows\system32\migration

2010-10-07 09:52:10 ----D---- C:\Program Files\Internet Explorer

2010-10-07 09:52:00 ----D---- C:\Windows\system32\DriverStore

2010-10-06 23:09:22 ----RSD---- C:\Windows\Fonts

2010-10-06 23:09:14 ----D---- C:\Program Files\Common Files\microsoft shared

2010-10-06 23:06:33 ----A---- C:\Windows\win.ini

2010-10-06 19:30:19 ----D---- C:\Windows\system32\catroot2

2010-10-06 11:16:37 ----D---- C:\Windows\system32\wdi

2010-10-06 00:14:36 ----RASH---- C:\Boot.ini.saved

2010-10-06 00:13:35 ----D---- C:\Windows\servicing

2010-10-06 00:13:35 ----D---- C:\Program Files\Windows Sidebar

2010-10-06 00:13:35 ----D---- C:\Program Files\Windows Photo Viewer

2010-10-06 00:13:35 ----D---- C:\Program Files\Windows Journal

2010-10-06 00:13:35 ----D---- C:\Program Files\Windows Defender

2010-10-06 00:13:35 ----D---- C:\Program Files\DVD Maker

2010-10-06 00:13:34 ----D---- C:\Windows\system32\winrm

2010-10-06 00:13:34 ----D---- C:\Windows\system32\slmgr

2010-10-06 00:13:34 ----D---- C:\Windows\system32\oobe

2010-10-06 00:13:34 ----D---- C:\Windows\system32\migwiz

2010-10-06 00:13:34 ----D---- C:\Windows\PolicyDefinitions

2010-10-06 00:13:34 ----D---- C:\Windows\IME

2010-10-06 00:13:32 ----D---- C:\Windows\system32\WCN

2010-10-06 00:13:32 ----D---- C:\Windows\system32\Printing_Admin_Scripts

2010-10-06 00:13:32 ----D---- C:\Windows\system32\MUI

2010-10-06 00:13:32 ----D---- C:\Windows\system32\Dism

2010-10-06 00:13:32 ----D---- C:\Windows\system32\com

2010-10-05 23:50:21 ----D---- C:\Program Files\Common Files

2010-10-05 23:29:21 ----SD---- C:\ProgramData\Microsoft

2010-10-05 23:28:26 ----D---- C:\Windows\system32\LogFiles

2010-10-05 22:44:12 ----D---- C:\Program Files\MSBuild

2010-10-05 22:42:42 ----D---- C:\Windows\ShellNew

2010-10-05 22:36:17 ----D---- C:\Program Files\Common Files\System

2010-10-05 19:47:11 ----D---- C:\Windows\system32\restore

2010-10-05 19:45:29 ----SHD---- C:\$Recycle.Bin

2010-10-05 19:45:16 ----RD---- C:\Users

2010-10-05 19:45:03 ----D---- C:\Windows\system32\Recovery

2010-10-05 19:45:03 ----D---- C:\Program Files\Windows NT

2010-10-05 19:38:43 ----D---- C:\Windows\system32\wbem

2010-10-05 19:25:45 ----D---- C:\Windows\system32\CodeIntegrity

2010-10-05 19:21:07 ----RSH---- C:\boot.ini

2010-10-05 19:20:00 ----D---- C:\Windows\system32\sysprep

2010-10-05 19:18:56 ----D---- C:\Windows\system32\drivers\UMDF

2010-10-05 19:17:21 ----D---- C:\Windows\CSC

2010-10-02 17:59:31 ----D---- C:\temp

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]

R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]

R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]

R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]

R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]

R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]

R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 21072]

R3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-13 44032]

R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-13 1068032]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]

S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 133120]

S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]

S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]

S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824]

S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-03 6104144]

R2 avgwd;Watchdog do AVG; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]

S3 GoogleDesktopManager-051210-111108;Gerenciador do Google Desktop 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-05 30192]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

 

-----------------EOF-----------------

 

And here goes the 2nd:

 

info.txt logfile of random's system information tool 1.08 2010-10-08 12:22:54

 

======Uninstall list======

 

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin

Adobe Reader 9.4.0 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A94000000001}

Arquivo do WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {717C9095-8AAE-41CB-B046-BD6E8399F4F3}

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {5016CB22-B9A7-44FB-AA72-AF28B27B15EA}

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}

Atualização do produto Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {7297E3A9-FCD4-4E0E-A306-7A90359E50E3}

AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall

AVG 2011-->MsiExec.exe /I{739F4CE3-6443-40AB-ACB3-2CF6FD3702AE}

AVG 2011-->MsiExec.exe /I{8FB6AF1C-7B7B-42F9-BAAF-7592AC9819E6}

Controle ActiveX do Windows Live Mesh para Conexões Remotas-->MsiExec.exe /I{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

HP-12C Financial Emulator-->C:\Windows\uninst.exe -f"C:\Program Files\HP-12C Financial Emulator\DeIsL1.isu"

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Messenger Companion-->MsiExec.exe /I{3889988F-762B-4B85-AB17-71C9CC3AE445}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {75EBE365-7FC5-4720-A7D3-804BF550D1BC}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Mozilla Firefox (3.6.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0

Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}

Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{43B43577-2514-4CE0-B14A-7E85C17C0453}

Windows Live Family Safety-->MsiExec.exe /I{65CD9858-1F02-46C8-80DA-62B29D2BA176}

Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}

Windows Live Galeria de Fotos-->MsiExec.exe /X{F7A46527-DF1F-4B0F-9637-98547E189442}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{9DA3F03B-2CEE-4344-838E-117861E61FAF}

Windows Live Mesh-->MsiExec.exe /I{644063FA-ABA3-42AC-A8AC-3EDC0706018B}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}

Windows Live Messenger-->MsiExec.exe /X{D54A52A8-DF24-4CE8-850B-074CA47DFA74}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Movie Maker-->MsiExec.exe /X{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{B33B61FE-701F-425F-98AB-2B85725CBF68}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

Windows Live Remote Client Resources-->MsiExec.exe /I{41B72CAF-036B-4E0A-8D22-F5DF7C970434}

Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}

Windows Live Remote Service Resources-->MsiExec.exe /I{E6617B44-D556-49AC-B2A3-01451E115043}

Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{5CADEAC5-0A9C-4680-B850-6A9085ADD23B}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{B3BE54A4-8DFE-4593-8E66-56AB7133B812}

 

=====HijackThis Backups=====

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-12-30]

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file) [2009-12-30]

O2 - BHO: GbiehObj Class - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file) [2009-12-30]

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) [2009-12-31]

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) [2010-01-08]

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing) [2010-01-08]

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll (file missing) [2010-01-08]

 

======System event log======

 

Computer Name: 37L4247D28-05

Event Code: 7036

Message: O serviço Distributed Link Tracking Client entrou no estado stopped.

Record Number: 5

Source Name: Service Control Manager

Time Written: 20090714045645.074339-000

Event Type: Informações

User:

 

Computer Name: 37L4247D28-05

Event Code: 7036

Message: O serviço Security Center entrou no estado stopped.

Record Number: 4

Source Name: Service Control Manager

Time Written: 20090714045645.074339-000

Event Type: Informações

User:

 

Computer Name: 37L4247D28-05

Event Code: 7036

Message: O serviço Desktop Window Manager Session Manager entrou no estado stopped.

Record Number: 3

Source Name: Service Control Manager

Time Written: 20090714045645.074339-000

Event Type: Informações

User:

 

Computer Name: 37L4247D28-05

Event Code: 7036

Message: O serviço Diagnostic Policy Service entrou no estado stopped.

Record Number: 2

Source Name: Service Control Manager

Time Written: 20090714045645.074339-000

Event Type: Informações

User:

 

Computer Name: 37L4247D28-05

Event Code: 7036

Message: O serviço Microsoft Software Shadow Copy Provider entrou no estado stopped.

Record Number: 1

Source Name: Service Control Manager

Time Written: 20090714045645.074339-000

Event Type: Informações

User:

 

=====Application event log=====

 

Computer Name: 37L4247D28-05

Event Code: 1001

Message: Falha no compartilhamento de memória , tipo 0

Nome do Evento: PnPDriverNotFound

Resposta: Não disponível

Id do arquivo CAB: 0

 

Assinatura do problema:

P1: x86

P2: PCI\VEN_1106&DEV_3059&SUBSYS_A0041458&REV_60

P3:

P4:

P5:

P6:

P7:

P8:

P9:

P10:

 

Arquivos anexados:

C:\Windows\Temp\DMIF7F2.tmp.log.xml

 

Estes arquivos podem estar disponíveis em:

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_719a886e4756c3c558cae0f2996a7bdcd9cc1b91_cab_07aaf8cd

 

Símbolo da análise:

Verificando novamente solução: 0

Id de relatório: 7e38f3ca-d0ce-11df-b8f2-fa991a72ff93

Status do relatório: 6

Record Number: 5

Source Name: Windows Error Reporting

Time Written: 20101005221835.000000-000

Event Type: Informações

User:

 

Computer Name: 37L4247D28-05

Event Code: 5617

Message: Windows Management Instrumentation Service subsystems initialized successfully

Record Number: 4

Source Name: Microsoft-Windows-WMI

Time Written: 20101005221735.000000-000

Event Type: Informações

User:

 

Computer Name: 37L4247D28-05

Event Code: 5615

Message: Windows Management Instrumentation Service started sucessfully

Record Number: 3

Source Name: Microsoft-Windows-WMI

Time Written: 20101005221729.000000-000

Event Type: Informações

User:

 

Computer Name: 37L4247D28-05

Event Code: 1531

Message: Serviço de Perfil de Usuário iniciado com êxito.

 

 

Record Number: 2

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20101005221722.406250-000

Event Type: Informações

User: AUTORIDADE NT\SISTEMA

 

Computer Name: 37L4247D28-05

Event Code: 4625

Message: O subsistema EventSystem está suprimindo entradas de log de eventos duplicadas para uma duração de 86400 segundos. O tempo limite de supressão pode ser controlado por um valor REG_DWORD denominado SuppressDuplicateDuration sob esta chave do Registro: HKLM\Software\Microsoft\EventSystem\EventLog.

Record Number: 1

Source Name: Microsoft-Windows-EventSystem

Time Written: 20101005221722.000000-000

Event Type: Informações

User:

 

=====Security event log=====

 

Computer Name: 37L4247D28-05

Event Code: 4735

Message: Foi alterado um grupo local com a segurança ativada.

 

Requerente:

Identificação de segurança: S-1-5-18

Nome da conta: 37L4247D28-05$

Domínio da conta: WORKGROUP

Identificação de logon: 0x3e7

 

Grupo:

Identificação de segurança: S-1-5-32-551

Nome do grupo: Operadores de cópia

Domínio do grupo: Builtin

 

Atributos alterados:

Nome de conta Sam: -

Histórico sid: -

 

Informações adicionais:

Privilégios: -

Record Number: 5

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101005221639.343750-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: 37L4247D28-05

Event Code: 4731

Message: Foi criado um grupo local com a segurança ativada.

 

Requerente:

Identificação de segurança: S-1-5-18

Nome da conta: 37L4247D28-05$

Domínio da conta: WORKGROUP

Identificação de logon: 0x3e7

 

Novo grupo:

Identificação de segurança: S-1-5-32-551

Nome do grupo: Operadores de cópia

Domínio do grupo: Builtin

 

Atributos:

Nome de conta Sam: Operadores de cópia

Histórico sid: -

 

Informações adicionais:

Privilégios: -

Record Number: 4

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101005221639.312500-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: 37L4247D28-05

Event Code: 4902

Message: Criada tabela de diretivas de auditoria por usuário.

 

Número de elementos: 0

Identificação da diretiva: 0x2456d

Record Number: 3

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101005221638.484375-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: 37L4247D28-05

Event Code: 4624

Message: O logon de uma conta foi efetuado com sucesso.

 

Requerente:

Identificação de segurança: S-1-0-0

Nome da conta: -

Domínio da conta: -

Identificação de logon: 0x0

 

Tipo de logon: 0

 

Novo logon:

Identificação de segurança: S-1-5-18

Nome da conta: SISTEMA

Domínio da conta: AUTORIDADE NT

Identificação de logon: 0x3e7

GUID de logon: {00000000-0000-0000-0000-000000000000}

 

Informações do processo:

Identificação do processo: 0x4

Nome do processo:

 

Informações da rede:

Nome da estação de trabalho: -

Endereço da rede de origem: -

Porta de origem: -

 

Informações detalhadas da autenticação:

Processo de logon: -

Pacote de autenticação: -

Serviços transitados: -

Nome do pacote (somente NTLM): -

Comprimento da chave: 0

 

Este evento é gerado quando uma sessão de logon é criada. Ele é gerado no computador acessado.

 

Os campos do assunto indicam a Conta Sistema Local que solicitou o logon. Comumente, isto é um serviço como o de servidor ou um processo local como Winlogon.exe ou Services.exe.

 

O campo tipo de logon indica o tipo de logon ocorrido. Os tipos mais comuns são 2 (interativo) e 3 (em rede).

 

Os campos Novo logon indicam as contas para a qual o novo logon foi criada, isto é, a conta na qual o logon foi efetuado.

 

Os campos de rede indicam onde a solicitação de logon remoto se originou. O nome da estação de trabalho nem sempre está disponível e pode ser deixado em branco em alguns casos.

 

Os campos de informações de autenticação fornecem informações detalhadas sobre esta solicitação específica de logon.

-O GUID de logon é um identificador exclusivo que pode ser usado para correlacionar este evento com um evento de KDC.

- Serviços transitados indicam qual serviço intermediário participou desta solicitação de logon.

- Nome de pacote indica qual subprotocolo foi usado, entre os protocolos NTLM.

- Comprimento da chave indica o comprimento da chave da sessão gerada. Ele será 0 se nenhuma chave de sessão foi solicitada.

Record Number: 2

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101005221634.125000-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: 37L4247D28-05

Event Code: 4608

Message: Windows está iniciando.

 

Este evento é registrado quando o LSASS.EXE inicia e o subsistema de auditoria é inicializado.

Record Number: 1

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20101005221634.000000-000

Event Type: Sucesso da Auditoria

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=2

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0604

 

-----------------EOF-----------------

 

 

Thank you!!


Good morning, Cecilia Novato!

Please tell us your PC's configuration.

*Download MalwareBytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save it to the desktop

*Install the program

*If any update is available, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Full scan] option

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*At the end of the scan, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-date.txt) will be displayed.

*Paste it in your next reply


Topic Archived

Because the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening.
