Sefyrus 0 Posted December 17, 2010
Hi everyone, if possible, please analyze my HijackThis log. A few days ago my computer detected some trojans through avast, and since then it has been very slow and sometimes freezes, but it recovers shortly. Thanks
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:52:39, on 17/12/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe C:\Arquivos de
programas\Netropa\Onscreen Display\OSD.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\msiexec.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wuauclt.exe c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Felipe\Meus documentos\Downloads\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web 
Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [EnvyHFCPL] C:\Arquivos de programas\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1 O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: 
Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{054019F8-5302-451E-AC42-A8A7055596AF}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{054019F8-5302-451E-AC42-A8A7055596AF}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! 
Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: BlackfishSQL - CodeGear - C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InterBase 2009 Guardian gds_db (IBG_gds_db) - Embarcadero Technologies, Inc. - C:\CodeGear\InterBase\bin\ibguard.exe O23 - Service: InterBase 2009 Server gds_db (IBS_gds_db) - Embarcadero Technologies, Inc. - C:\CodeGear\InterBase\bin\ibserver.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9335 bytes
Felipe_88 0 Posted December 17, 2010
Hello, Sefyrus! Welcome to the iMasters Forums!
* Download RSIT and save it to the desktop
* Run RSIT and click [Continue]
* When the process finishes, paste the reports created at C:\rsit\log.txt and C:\rsit\info.txt
I'll be waiting!
Sefyrus 0 Posted December 17, 2010
Thank you, moderator!
Logfile of random's system information tool 1.08 (written by random/random) Run by Felipe at 2010-12-18 00:22:49 Microsoft Windows XP Professional Service Pack 3 System drive C: has 51 GB (33%) free of 153 GB Total RAM: 2047 MB (65% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:23:54, on 18/12/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe C:\WINDOWS\System32\svchost.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\Felipe\Meus documentos\Felipe\Games\GrandChase_20100928_Downloader.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Felipe\Meus documentos\Felipe\Games\GrandChase_20100928_Downloader.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe C:\Documents and Settings\Felipe\Desktop\RSIT.exe C:\Arquivos de programas\trend micro\Felipe.exe C:\Arquivos de programas\Alwil Software\Avast5\setup\avast.setup R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [EnvyHFCPL] C:\Arquivos de programas\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1 O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - 
res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{054019F8-5302-451E-AC42-A8A7055596AF}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{054019F8-5302-451E-AC42-A8A7055596AF}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! 
Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: BlackfishSQL - CodeGear - C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InterBase 2009 Guardian gds_db (IBG_gds_db) - Embarcadero Technologies, Inc. - C:\CodeGear\InterBase\bin\ibguard.exe O23 - Service: InterBase 2009 Server gds_db (IBS_gds_db) - Embarcadero Technologies, Inc. 
- C:\CodeGear\InterBase\bin\ibserver.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9334 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AWC AutoSweep.job C:\WINDOWS\tasks\AWC Update.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-10-16 110696] 
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-16 13851752] "nwiz"=C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1753192] "EnvyHFCPL"=C:\Arquivos de programas\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [2009-08-07 2654208] "MULTIMEDIA KEYBOARD"=C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe [2003-09-30 425984] "avast5"=C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912] "GrooveMonitor"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488] "Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] "HP Software Update"=C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2009-11-18 54576] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200] "Advanced SystemCare 3"=C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2010-09-28 2408144] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam] C:\Arquivos de programas\ManyCam 2.3\ManyCam.exe [2008-10-14 1791272] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Arquivos de programas\Skype\Phone\Skype.exe [2009-10-09 25623336] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - 
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoResolveSearch"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Arquivos de programas\Electronic Arts\Dead Space\Dead Space.exe"="C:\Arquivos de programas\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™" "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Arquivos de 
programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe" "C:\Arquivos de programas\HP\HP Software 
Update\hpwucli.exe"="C:\Arquivos de programas\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe" "C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe" "C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Arquivos de programas\Winamp\winamp.exe"="C:\Arquivos de programas\Winamp\winamp.exe:*:Enabled:Winamp" "C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Documents and Settings\Felipe\Desktop\snes\ZSNESW.EXE"="C:\Documents and Settings\Felipe\Desktop\snes\ZSNESW.EXE:*:Enabled:ZSNESW" "C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe"="C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster" "C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Arquivos de programas\HP\Digital 
Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe" "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe" "C:\Arquivos de programas\HP\HP Software Update\hpwucli.exe"="C:\Arquivos de programas\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe" "C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Arquivos de programas\HP\Digital Imaging\smart web 
printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe" "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe"="C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster" ======List of files/folders created in the last 1 months====== 2010-12-18 00:22:49 ----D---- C:\rsit 2010-12-18 00:22:49 ----D---- C:\Arquivos de programas\trend micro 2010-12-17 13:48:56 ----SHD---- C:\Config.Msi 2010-12-17 09:49:52 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\Malwarebytes 2010-12-17 09:49:45 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-12-17 09:49:43 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes 2010-12-17 09:49:15 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware 2010-12-17 09:49:15 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-12-17 09:40:28 ----D---- C:\!KillBox 2010-12-17 09:28:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$ 2010-12-17 09:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$ 2010-12-17 09:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$ 2010-12-17 09:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2010-12-17 09:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$ 2010-12-17 09:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2010-12-17 09:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$ 2010-12-17 09:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$ 2010-12-17 09:15:48 ----D---- C:\78efc4f9092b91be2a 2010-12-17 00:34:54 ----D---- C:\34654db5720f1e69fc9d5b2d4c 2010-12-17 00:29:50 ----D---- C:\Arquivos de programas\MSXML 4.0 2010-12-17 00:27:40 ----A---- C:\WINDOWS\imsins.BAK 2010-12-17 00:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$ 2010-12-16 22:13:48 ----A---- C:\ComboFix.txt 2010-12-16 19:54:21 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\Mozilla 2010-12-16 19:21:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files 2010-12-16 19:20:21 ----D---- C:\Arquivos de 
programas\Pando Networks 2010-12-16 14:09:39 ----A---- C:\Boot.bak 2010-12-16 14:09:34 ----RASHD---- C:\cmdcons 2010-12-16 14:06:01 ----A---- C:\WINDOWS\zip.exe 2010-12-16 14:06:01 ----A---- C:\WINDOWS\SWREG.exe 2010-12-16 14:06:01 ----A---- C:\WINDOWS\PEV.exe 2010-12-16 14:06:01 ----A---- C:\WINDOWS\NIRCMD.exe 2010-12-16 14:06:01 ----A---- C:\WINDOWS\MBR.exe 2010-12-16 14:06:00 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-12-16 14:06:00 ----A---- C:\WINDOWS\SWSC.exe 2010-12-16 14:06:00 ----A---- C:\WINDOWS\sed.exe 2010-12-16 14:06:00 ----A---- C:\WINDOWS\grep.exe 2010-12-16 14:05:09 ----D---- C:\WINDOWS\ERDNT 2010-12-16 14:04:22 ----D---- C:\Qoobox 2010-12-16 12:47:10 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2010-12-16 12:47:10 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy 2010-12-16 12:45:15 ----D---- C:\Arquivos de programas\Microsoft Silverlight 2010-12-16 10:23:52 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll 2010-12-16 10:23:35 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll 2010-12-16 10:22:07 ----D---- C:\WINDOWS\system32\RsFx 2010-12-16 10:19:26 ----D---- C:\Arquivos de programas\MSXML 6.0 2010-12-16 10:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$ 2010-12-16 10:09:24 ----D---- C:\Arquivos de programas\Microsoft SQL Server 2010-12-16 10:08:26 ----D---- C:\Arquivos de programas\Microsoft Synchronization Services 2010-12-16 10:08:25 ----D---- C:\Arquivos de programas\Microsoft SQL Server Compact Edition 2010-12-16 09:58:58 ----D---- C:\Arquivos de programas\Microsoft.NET 2010-12-16 09:58:58 ----D---- C:\Arquivos de programas\Microsoft Visual Studio 9.0 2010-12-16 09:56:57 ----D---- C:\Arquivos de programas\Microsoft SDKs 2010-12-15 19:57:32 ----A---- C:\WINDOWS\system32\ivint21s.dll 2010-12-15 19:57:32 ----A---- C:\WINDOWS\system32\ivint21r.dll 2010-12-15 19:57:32 ----A---- C:\WINDOWS\system32\ivint21.dll 2010-12-15 19:57:31 
----A---- C:\WINDOWS\system32\ivicu21.dll 2010-12-15 19:57:25 ----D---- C:\Arquivos de programas\datadirect 2010-12-15 19:55:58 ----D---- C:\CodeGear 2010-12-15 19:53:13 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\CodeGear 2010-12-15 19:44:58 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\Embarcadero 2010-12-15 19:44:58 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Embarcadero 2010-12-15 19:44:58 ----D---- C:\Arquivos de programas\Arquivos comuns\CodeGear Shared 2010-12-15 19:43:35 ----D---- C:\Arquivos de programas\Arquivos comuns\Borland Shared 2010-12-15 19:32:04 ----HD---- C:\Documents and Settings\All Users\Dados de aplicativos\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D} 2010-12-15 19:10:00 ----HDC---- C:\Documents and Settings\All Users\Dados de aplicativos\{2563F97A-045F-4E4C-9DB1-D5D26C269882} 2010-12-15 19:06:32 ----D---- C:\Arquivos de programas\Embarcadero 2010-12-15 18:41:26 ----D---- C:\WINDOWS\system32\XPSViewer 2010-12-15 18:41:14 ----D---- C:\WINDOWS\system32\en-US 2010-12-15 18:41:02 ----D---- C:\Arquivos de programas\Reference Assemblies 2010-12-15 18:39:51 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2010-12-15 18:39:51 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2010-12-15 18:39:51 ----N---- C:\WINDOWS\system32\prntvpt.dll 2010-12-15 18:39:50 ----D---- C:\7f9ef9b76f876aeb2cc8f2d8f961efa9 2010-12-15 18:38:50 ----RSD---- C:\WINDOWS\assembly 2010-12-15 18:37:55 ----D---- C:\WINDOWS\Microsoft.NET 2010-12-15 12:26:02 ----A---- C:\WINDOWS\system32\GDS32.DLL 2010-12-15 12:25:56 ----D---- C:\Arquivos de programas\Firebird 2010-12-15 00:27:45 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet 2010-12-15 00:24:59 ----D---- C:\Arquivos de programas\Bonjour 2010-12-15 00:17:04 ----D---- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared 2010-12-14 10:35:31 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\skypePM 2010-12-11 20:15:48 ----N---- 
C:\WINDOWS\system32\SETCB.tmp 2010-12-10 15:45:21 ----ASH---- C:\pagefile.sys 2010-12-02 08:15:44 ----D---- C:\Arquivos de programas\Marcos Velasco Security 2010-12-02 08:13:02 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\Dev-Cpp 2010-12-02 08:12:46 ----D---- C:\Dev-Cpp 2010-12-01 18:36:06 ----D---- C:\Arquivos de programas\Winamp Detect 2010-12-01 18:35:46 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\Winamp 2010-12-01 18:31:21 ----D---- C:\Arquivos de programas\PluginLetras 2010-11-24 19:56:46 ----D---- C:\WINDOWS\element 2010-11-21 19:02:47 ----D---- C:\Pirata 2010-11-20 16:06:12 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\HPAppData 2010-11-20 11:26:11 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin ======List of files/folders modified in the last 1 months====== 2010-12-18 00:23:27 ----D---- C:\WINDOWS\Temp 2010-12-18 00:22:49 ----RD---- C:\Arquivos de programas 2010-12-17 17:47:15 ----A---- C:\WINDOWS\Msiosd.ini 2010-12-17 17:46:17 ----D---- C:\WINDOWS\system32 2010-12-17 17:46:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-12-17 14:20:11 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-12-17 13:56:52 ----SHD---- C:\WINDOWS\Installer 2010-12-17 13:55:08 ----D---- C:\WINDOWS\WinSxS 2010-12-17 13:39:34 ----D---- C:\WINDOWS 2010-12-17 13:38:37 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\Skype 2010-12-17 10:10:18 ----D---- C:\WINDOWS\system32\drivers 2010-12-17 10:09:36 ----D---- C:\WINDOWS\system32\CatRoot2 2010-12-17 09:29:09 ----D---- C:\WINDOWS\system32\CatRoot 2010-12-17 09:28:52 ----HD---- C:\WINDOWS\inf 2010-12-17 09:28:40 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-12-17 09:28:33 ----D---- C:\WINDOWS\ie8updates 2010-12-17 09:27:21 ----D---- C:\Arquivos de programas\Internet Explorer 2010-12-17 09:26:25 ----HD---- C:\WINDOWS\$hf_mig$ 2010-12-17 00:27:45 ----A---- C:\WINDOWS\system32\MRT.exe 2010-12-17 00:27:38 ----D---- C:\Arquivos de 
programas\Outlook Express 2010-12-16 22:35:36 ----D---- C:\Arquivos de programas\HP 2010-12-16 22:30:00 ----SD---- C:\WINDOWS\Tasks 2010-12-16 22:00:47 ----A---- C:\WINDOWS\system.ini 2010-12-16 21:54:14 ----D---- C:\WINDOWS\AppPatch 2010-12-16 21:54:09 ----D---- C:\Arquivos de programas\Arquivos comuns 2010-12-16 19:54:17 ----D---- C:\Arquivos de programas\Mozilla Firefox 2010-12-16 14:09:40 ----RASH---- C:\boot.ini 2010-12-16 14:02:51 ----D---- C:\WINDOWS\system32\drivers\etc 2010-12-16 12:44:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help 2010-12-16 12:38:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared 2010-12-16 11:10:18 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\Media Player Classic 2010-12-16 10:19:12 ----D---- C:\WINDOWS\system32\1033 2010-12-16 10:10:50 ----D---- C:\WINDOWS\system32\mui 2010-12-16 10:08:48 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft 2010-12-16 10:06:23 ----SD---- C:\Documents and Settings\Felipe\Dados de aplicativos\Microsoft 2010-12-16 09:47:38 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\uTorrent 2010-12-15 21:38:18 ----A---- C:\WINDOWS\win.ini 2010-12-15 19:57:33 ----A---- C:\WINDOWS\ODBCINST.INI 2010-12-15 18:41:11 ----RSD---- C:\WINDOWS\Fonts 2010-12-15 18:40:36 ----D---- C:\WINDOWS\system32\spool 2010-12-15 18:39:23 ----D---- C:\WINDOWS\Prefetch 2010-12-15 00:30:21 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\Adobe 2010-12-15 00:25:34 ----D---- C:\Arquivos de programas\Adobe 2010-12-15 00:25:15 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe 2010-12-14 22:57:34 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-12-08 17:42:47 ----D---- C:\Documents and Settings\Felipe\Dados de aplicativos\HP 2010-12-04 22:04:58 ----D---- C:\WINDOWS\system32\wbem 2010-12-01 18:36:13 ----D---- C:\Arquivos de programas\Winamp 2010-11-25 18:47:21 ----D---- C:\Documents and Settings\Felipe\Dados de 
aplicativos\HpUpdate 2010-11-20 22:32:35 ----D---- C:\Arquivos de programas\Ask.com 2010-11-20 10:56:25 ----D---- C:\WINDOWS\Debug ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-29 44944] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-12 691696] R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672] R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-12-20 6656] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744] R2 aswMon2;avast! 
Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 29696] R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2008-06-04 673600] R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-22 9623680] R3 PAC7302;PC Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-11-08 458752] R3 usbaudio;Driver de áudio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S3 afudfmx3;afudfmx3; C:\WINDOWS\system32\drivers\afudfmx3.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\Felipe\CONFIG~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568] S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; 
C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944] S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avast! Antivirus;avast! 
Antivirus; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R2 BlackfishSQL;BlackfishSQL; C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [2009-11-19 65536] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe [2009-02-28 81920] R2 hpqddsvc;Serviço de Descoberta de dispositivos CUE HP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 nhksrv;Netropa NHK Server; C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-10-16 156776] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 SQLWriter;SQL Server VSS Writer; c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe [2009-02-28 2732032] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 IBG_gds_db;InterBase 2009 Guardian gds_db; C:\CodeGear\InterBase\bin\ibguard.exe [2009-08-12 36864] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-15 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IBS_gds_db;InterBase 2009 Server gds_db; C:\CodeGear\InterBase\bin\ibserver.exe [2009-08-12 2887680] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Arquivos de programas\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128] S4 
NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688] S4 SQLBrowser;SQL Server Browser; c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
-----------------EOF-----------------

Now the info:

info.txt logfile of random's system information tool 1.08 2010-12-18 00:24:05
======Uninstall list======
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent-->"C:\Arquivos de programas\uTorrent\uTorrent.exe" /UNINSTALL 32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Extension Manager CS3-->MsiExec.exe /I{D7A53E41-3F32-4A44-989C-53DDEBB2130C} Adobe Fireworks CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex Adobe Flash Player 10 
Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001} Adobe Setup-->MsiExec.exe /I{C92A5A89-B218-46F7-8898-77C52113FFE0} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Advanced SystemCare 3-->"C:\Arquivos de programas\IObit\Advanced SystemCare 3\unins000.exe" Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48} Atheros Communications Inc.® L2 Fast Ethernet Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\Setup.exe" -l0x9 -removeonly Atualização de Segurança para o Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" 
Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe" 
Atualização de Segurança para Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP 
(KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP 
(KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Atualização para Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Atualização para Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Atualização para Windows XP 
(KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" Atualização para Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe" Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Atualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Atualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Atualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Atualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Atualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Atualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" avast! Free Antivirus-->C:\Arquivos de programas\Alwil Software\Avast5\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast5\Setup\setiface.dll" RunSetup BDE_ENT-->MsiExec.exe /I{E966F0CC-76B3-11D3-945B-00C04FB1760A} CCleaner-->"C:\Arquivos de programas\CCleaner\uninst.exe" CodeGear InterBase 2009 [instance = gds_db]-->C:\CodeGear\INTERB~1\UNWISE.EXE C:\CodeGear\INTERB~1\INSTALL.LOG DataDirect ODBC driver for InterBase-->C:\ARQUIV~1\DATADI~1\UNWISE.EXE C:\ARQUIV~1\DATADI~1\INSTALL.LOG Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696} Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe" Embarcadero Delphi and C++Builder 2010 Database Pack-->"C:\Documents and Settings\All Users\Dados de aplicativos\{2563F97A-045F-4E4C-9DB1-D5D26C269882}\dbpack_setup.exe" REMOVE=TRUE MODIFY=FALSE Embarcadero Delphi and C++Builder 2010 Database Pack-->C:\Documents and Settings\All Users\Dados de aplicativos\{2563F97A-045F-4E4C-9DB1-D5D26C269882}\dbpack_setup.exe Embarcadero RAD Studio 2010-->"C:\Documents and Settings\All Users\Dados de aplicativos\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D}\Setup.exe" REMOVE=TRUE 
MODIFY=FALSE Embarcadero RAD Studio 2010-->C:\Documents and Settings\All Users\Dados de aplicativos\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D}\Setup.exe Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Firebird 2.1.2.18118 (Win32)-->"C:\Arquivos de programas\Firebird\Firebird_2_1\unins000.exe" Guitar Pro 5.2-->"C:\Arquivos de programas\Guitar Pro 5\unins000.exe" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix para Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe" Hotfix para Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe" Hotfix para Windows XP 
(KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe" Hotfix para Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" HP Customer Participation Program 14.0-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5-->C:\Arquivos de programas\HP\Digital Imaging\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}\setup\hpzscr01.exe -datfile hposcr37.dat -onestop -forcereboot HP Imaging Device Functions 14.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Smart Web Printing 4.60-->C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat HP Solution Center 14.0-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86} K-Lite Codec Pack 6.2.0 (Full)-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe" Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe" ManyCam 2.3 (remove only)-->"C:\Arquivos de programas\ManyCam 2.3\uninstall.exe" Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! 
Live\Uninstall.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE} Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE} Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE} Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE} Microsoft Office Publisher MUI (Portuguese (Brazil)) 
2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE} Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE} Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD} Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7} Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9} Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10} Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2} Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78} Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8} Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83} Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A} Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E} Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5} Microsoft SQL Server 2008-->"c:\Arquivos de programas\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86 Microsoft SQL Server 2008-->"c:\Arquivos de programas\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86 Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F} Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B} Microsoft SQL Server VSS Writer-->MsiExec.exe 
/I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237} Microsoft Visual C# 2008 Express Edition with SP1 - ENU-->C:\Arquivos de programas\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition with SP1 - ENU\setup.exe Microsoft Visual C# 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{A4418082-E601-3954-805B-D56A2B50EC8B} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918} Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D} Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B} Mozilla Firefox (3.6.13)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe MSI to redistribute MS VS2005 CRT libraries-->MsiExec.exe /I{A8D93648-9F7F-407D-915C-62044644C3DA} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} MV RegClean 5.9-->"C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.9\unins000.exe" NVIDIA Driver de gráficos 260.99-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Arquivos de programas\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver NVIDIA nView 135.36-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Arquivos de programas\NVIDIA 
Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NView NVIDIA nView Desktop Manager-->C:\Arquivos de programas\NVIDIA Corporation\nView\nViewSetup.exe -uninstall NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF} NVIDIA Software do sistema PhysX 9.10.0514-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Arquivos de programas\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX Office Keyboard-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}\Setup.exe" -l0x416 Pando Media Booster-->C:\Arquivos de programas\Pando Networks\Media Booster\uninst.exe PC Camera-->"C:\Arquivos de programas\InstallShield Installation Information\{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}\setup.exe" -runfromtemp -l0x0009 -removeonly Plugin Letras.mus.br 1.10-->C:\Arquivos de programas\PluginLetras\uninst.exe Rave Reports 7.7.0 BE-->"C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\RaveReports\unins000.exe" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7} SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490} TeamSpeak 2 RC2-->"C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe" VIA Gerenciador de dispositivo de plataforma-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} Winamp-->"C:\Arquivos de programas\Winamp\UninstWA.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live 
Call-->MsiExec.exe /I{590035D9-BFA0-406A-A7F0-479C72C0DDB2} Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1} Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2} Windows Live Messenger-->MsiExec.exe /X{9ADC3E4F-34DA-48CD-8727-BB26D90257BD} Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: avast! Antivirus ======System event log====== Computer Name: ZERO-8BC894AD9D Event Code: 20158 Message: O usuário venon.fenix@terra.com.br estabeleceu com êxito uma conexão a Speedy usando o dispositivo PPPoE4-0. Record Number: 2924 Source Name: RemoteAccess Time Written: 20101206123943.000000+270 Event Type: Informações User: Computer Name: ZERO-8BC894AD9D Event Code: 1002 Message: A concessão 10.1.1.2 do endereço IP para a placa de rede com endereço de rede 001E8C15CB77 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou uma mensagem DHCPNACK). Record Number: 2923 Source Name: Dhcp Time Written: 20101206123852.000000+270 Event Type: Erro User: Computer Name: ZERO-8BC894AD9D Event Code: 1003 Message: O computador não pôde renovar o endereço na rede (pelo servidor DHCP) para a placa de rede com endereço de rede 001E8C15CB77. Erro: A operação foi cancelada pelo usuário. . O computador continuará tentando obter um endereço do servidor (DHCP) de endereços de rede. 
Record Number: 2922 Source Name: Dhcp Time Written: 20101206123841.000000+270 Event Type: aviso User: Computer Name: ZERO-8BC894AD9D Event Code: 4201 Message: O sistema detectou que o adaptador de rede \DEVICE\TCPIP_{7005D663-4033-4C16-8BAB-24800CBFA957} foi conectado à rede e iniciou uma operação normal no adaptador de rede. Record Number: 2921 Source Name: Tcpip Time Written: 20101206123841.000000+270 Event Type: Informações User: Computer Name: ZERO-8BC894AD9D Event Code: 4201 Message: O sistema detectou que o adaptador de rede \DEVICE\TCPIP_{7005D663-4033-4C16-8BAB-24800CBFA957} foi conectado à rede e iniciou uma operação normal no adaptador de rede. Record Number: 2920 Source Name: Tcpip Time Written: 20101206123836.000000+270 Event Type: Informações User: =====Application event log===== Computer Name: ZERO-8BC894AD9D Event Code: 0 Message: Record Number: 526 Source Name: hpqddsvc Time Written: 20101206165712.000000+270 Event Type: Informações User: Computer Name: ZERO-8BC894AD9D Event Code: 1000 Message: Os contadores de desempenho para o serviço WmiApRpl (WmiApRpl) foram carregados com êxito. A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço. Record Number: 525 Source Name: LoadPerf Time Written: 20101206153736.000000+270 Event Type: Informações User: Computer Name: ZERO-8BC894AD9D Event Code: 1001 Message: Os contadores de desempenho para o serviço WmiApRpl (WmiApRpl) foram removidos com êxito. A página 'Registrar dados' contém os novos valores das entradas Last Counter e Last Help do Registro do sistema. Record Number: 524 Source Name: LoadPerf Time Written: 20101206153736.000000+270 Event Type: Informações User: Computer Name: ZERO-8BC894AD9D Event Code: 0 Message: Record Number: 523 Source Name: hpqcxs08 Time Written: 20101206153337.000000+270 Event Type: Informações User: Computer Name: ZERO-8BC894AD9D Event Code: 1800 Message: O Serviço da Central de Segurança do Windows foi iniciado. 
Record Number: 522
Source Name: SecurityCenter
Time Written: 20101206153335.000000+270
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\bin;C:\Documents and Settings\All Users\Documentos\RAD Studio\7.0\Bpl;C:\Arquivos de programas\NVIDIA Corporation\PhysX\Common;c:\Arquivos de programas\Microsoft SQL Server\100\Tools\Binn;c:\Arquivos de programas\Microsoft SQL Server\100\DTS\Binn
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CG_BOOST_ROOT"=C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\include\boost_1_39

-----------------EOF-----------------
Felipe_88
Posted December 18, 2010

Sefyrus,

1st
* Download AD-Remover and save it to the desktop
* Double-click AD-R.exe
* Click [Clean]... wait for it to finish. The program may ask to restart the PC.
* Paste the report created at C:\Ad-Report-CLEAN.log

2nd
* Download the HostsXpert program
* Save it and extract it to a temporary folder;
* Run the file [HostsXpert.exe];
* Under "File Handling" > click [Restore MS Hosts File];
* A confirmation box will be displayed; click [OK];
* Close HostsXpert.

New RSIT log.
Sefyrus
Posted December 20, 2010

.
======= LOGFILE OF AD-REMOVER 1.1.4.6_G | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 03.01.2010 at 17:35
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 0:06:01, seg 20/12/2010 | Normal Boot | Option: SCAN
Executed from: C:\Arquivos de programas\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 versão 5.1.2600
Computer Name: ZERO-8BC894AD9D | Current user: Felipe
.
============== FOUND ELEMENT(S) ==============
.
C:\Arquivos de programas\Ask.com
.
HKCU\software\Ask.com
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
HKU\s-1-5-21-1935655697-484061587-1614895754-1003\software\Ask.com
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.6.13 [pt-BR] *
.
ProfilePath: nd9rw8ik.default (Felipe)
.
(Felipe, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Felipe\Meus documentos\Thaís
(Felipe, prefs.js) Browser.startup.homepage, www.google.com.br
(Felipe, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Show_ToolBar: yes
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
Start Page: hxxp://www.google.com.br/
Start Page Redirect Cache_TIMESTAMP: 609bf2f03582cb01
Start Page Redirect Cache AcceptLangs: pt-br
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher2716\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3336\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3336\RTPatch\patch.exe
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3336\ZippedStagingArea\PatchFiles.zip
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3364\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3364\RTPatch\patch.exe
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3364\ZippedStagingArea\PatchFiles.zip
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3844\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3844\RTPatch\patch.exe
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3844\ZippedStagingArea\PatchFiles.zip
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher3992\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Documents and Settings\Felipe\Configurações locais\temp\Patcher\Patcher880\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Documents and Settings\Felipe\Meus documentos\Dead Space\Crack._www.therebels.de_.by.FuManchuu.rar
C:\Documents and Settings\Felipe\Meus documentos\Felipe\CS\_Patch_v23.zip
C:\Documents and Settings\Felipe\Meus documentos\Felipe\FL\Fruity Loops Studio 7 Full + Crack\Hitman505.nfo
C:\Documents and Settings\Felipe\Meus documentos\Thaís\Outros\autopatcher.rar
.
===================================
.
4714 Byte(s) - C:\Ad-Report-SCAN[1].log
.
173 File(s) - C:\DOCUME~1\Felipe\CONFIG~1\Temp
12 File(s) - C:\WINDOWS\Temp
79 File(s) - C:\WINDOWS\Prefetch
.
2 File(s) - C:\Arquivos de programas\Ad-Remover\BACKUP
0 File(s) - C:\Arquivos de programas\Ad-Remover\QUARANTINE
.
End at: 0:38:44 | seg 20/12/2010 - SCAN[1]
.
============== E.O.F ==============
.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Felipe at 2010-12-20 10:51:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 47 GB (31%) free of 153 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:31, on 20/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Arquivos de programas\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital
Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Netropa\Multimedia Keyboard\TrayMon.exe C:\Arquivos de programas\Netropa\Onscreen Display\OSD.exe C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Felipe\Desktop\RSIT.exe C:\Arquivos de programas\trend micro\Felipe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 
- HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: [EnvyHFCPL] C:\Arquivos de programas\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1 O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Arquivos de programas\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll O9 - 
Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{054019F8-5302-451E-AC42-A8A7055596AF}: NameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{054019F8-5302-451E-AC42-A8A7055596AF}: NameServer = 200.204.0.10 200.204.0.138 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! 
Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: BlackfishSQL - CodeGear - C:\Arquivos de programas\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InterBase 2009 Guardian gds_db (IBG_gds_db) - Embarcadero Technologies, Inc. - C:\CodeGear\InterBase\bin\ibguard.exe O23 - Service: InterBase 2009 Server gds_db (IBS_gds_db) - Embarcadero Technologies, Inc. 
- C:\CodeGear\InterBase\bin\ibserver.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Arquivos de programas\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9041 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AWC AutoSweep.job C:\WINDOWS\tasks\AWC Update.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688] 
Felipe_88, posted December 21, 2010

Sefyrus,

1.
* Download SupressTools
* Run the program
* Click [supression] > [OK]
The report will be created at C:\Report.txt

2.
* Download Malwarebytes Anti-Malware and save it to the desktop
* Install the program
* If an update is available, it will be downloaded automatically. Wait...
* The program will open automatically.
* On the [Verificação] (Scan) tab, select [Verificação completa] (Full scan)
* Click [Verificar] (Scan) and select the partitions to be examined (usually C:\ and D:\)
* When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Sim] (Yes) > [OK] > [Mostrar Resultados] (Show Results)
* Click [Remover Selecionados] (Remove Selected)
* A report (mbam-log-year-month-day.txt) will be displayed.
* Paste it in your next reply
Sefyrus, posted December 21, 2010

Rapport Supress'tools
Supress'tools a été éxécuté le 21/12/2010 à 10 : 01
Par Felipe
Système d'exploitation : WIN_XP / X86 / Service Pack 3
Mode | Suppression |

¤¤¤¤¤¤¤ C:\ ¤¤¤¤¤¤¤
ComboFix.txt Supprimé
Qoobox Supprimé !
rsit Supprimé !

¤¤¤¤¤¤¤ C:\Documents and Settings\Felipe\Desktop\ ¤¤¤¤¤¤¤
RSIT.exe Supprimé !
AD-R.exe Supprimé !
ComboFix.exe Supprimé !

¤¤¤¤¤¤¤ C:\Documents and Settings\Felipe\Meus documentos\Téléchargements ¤¤¤¤¤¤¤

¤¤¤¤¤¤¤ C:\WINDOWS\ ¤¤¤¤¤¤¤
mbr.exe Supprimé !

¤¤¤¤¤¤¤ C:\Documents and Settings\All Users\Menu Iniciar\Programmes\ ¤¤¤¤¤¤¤

¤¤¤¤¤¤¤ C:\Arquivos de programas\ ¤¤¤¤¤¤¤
trend micro\ Supprimé !
Ad-Remover\ Supprimé !

¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch\ ¤¤¤¤¤¤¤
RSIT.EXE-04374CB4.pf Supprimé !
AD-R.EXE-0D19273D.pf Supprimé !

¤¤¤¤¤¤¤ Registre ¤¤¤¤¤¤¤
HKEY_CURRENT_USER\Software\Ad-Remover Supprimée!

((((((((((((((( EOF )))))))))))))))

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Versão da Base de Dados: 5342
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
17/12/2010 10:09:01
mbam-log-2010-12-17 (10-09-01).txt
Tipo de Verificação: Verificação Rápida
Objetos escaneados: 136054
Tempo decorrido: 5 minuto(s), 49 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 1
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\windows\drimaa.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

There are some items in quarantine... should I do anything?
Felipe_88, posted December 21, 2010

Sefyrus,

You ran the procedure as a Quick Scan (Verificação Rápida). Please repeat the procedure with Malwarebytes and pay attention to the following detail:

* On the [Verificação] (Scan) tab, select [Verificação completa] (Full scan)

Once the scan is complete, click [Mostrar Resultados] (Show Results) > click [Remover Selecionados] (Remove Selected).

Then post the result.
Sefyrus, posted December 22, 2010

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Versão da Base de Dados: 5366
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
22/12/2010 11:18:20
mbam-log-2010-12-22 (11-18-20).txt
Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 247615
Tempo decorrido: 1 hora(s), 23 minuto(s), 41 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)
Felipe_88, posted December 24, 2010

Sefyrus,

1.
* Run an online scan with NOD32
* When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log

2.
* Download ATF Cleaner and save it to the desktop
* Double-click ATF-Cleaner
* Select: [] Select All
* Click [Empty Selected]
=> If you use Firefox or Opera:
* Click the "Firefox" tab or the "Opera" tab
* Select: [] Select All
* Click [Sim] (Yes) > [Empty Selected] > [Sim] (Yes)
* Click [Exit] or the [X] to close the program
-> OK

3.
* Download and install CCleaner
* Open the program and, on the "Windows" tab, scroll down to the "Avançado" (Advanced) option and select "Dados Prefetch antigos" (Old Prefetch data)
* Click [Executar Limpeza] (Run Cleaner)
* Then click [Registro] (Registry) -> [Procurar erros] (Scan for Issues) -> [Corrigir Erros Selecionados] (Fix Selected Issues) -> [Corrigir Todos os Erros Selecionados] (Fix All Selected Issues)
-> There were many errors, but it fixed them all

* Please use ATFCleaner and CCleaner regularly to keep the PC in order.

How is the PC after these procedures? Still slow and freezing?
Sefyrus, posted December 25, 2010

It is no longer freezing or slow, it's great! I'm going to run the last procedures you gave me to be more certain, but I have already noticed a big improvement! Thank you very much for your help. Happy holidays!
Felipe_88, posted December 27, 2010

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.