
This topic has been archived and is closed to new replies.

ndrgomes

[Archived] Get rid of cearainfo.com/0xf04.pac


I can't change the automatic proxy configuration and remove the "use script" entry... "http://www.cearainfo.com/0xf04.pac"

 

HijackThis log follows...

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:30:53, on 09/01/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\USB Disk Security\USBGuard.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Windows\system32\conime.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Users\user\Desktop\OTL.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\user\Downloads\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/5

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ac.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.21:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe

O4 - HKLM\..\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"

O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"

O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12

O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

O4 - HKLM\..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\RunUSBGuard.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Ambient Light Sensor (alssvc) - Dell Inc. - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ArcGIS License Manager - Flexera Software, Inc. - C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

 

--

End of file - 13424 bytes


Hello, ndrgomes!

I didn't see anything related to cearainfo.com/0xf04.pac. Let's take a deeper look:

* Download DelDomains

* Right-click [DelDomains.inf] and click Install.

* Restart the machine.

Note: This procedure will remove all entries present in the trusted sites and in the restricted sites. If you want any entries in the restricted sites, you will need to add them again afterwards.

* Download RSIT and save it to the desktop

* Run RSIT and click [Continue]

* When the process finishes, paste the reports created at C:\rsit\log.txt and C:\rsit\info.txt

We'll be waiting!


Contents of log.txt follow

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by user at 2011-01-10 20:20:20

Microsoft® Windows Vista™ Business Service Pack 2

System drive C: has 80 GB (34%) free of 236 GB

Total RAM: 3538 MB (68% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:21:36, on 10/01/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\USB Disk Security\USBGuard.exe

C:\Users\user\Desktop\RSIT.exe

C:\Program Files\trend micro\user.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/5

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ac.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.21:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe

O4 - HKLM\..\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"

O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"

O4 - HKLM\..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\RunUSBGuard.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Ambient Light Sensor (alssvc) - Dell Inc. - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ArcGIS License Manager - Flexera Software, Inc. - C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

 

--

End of file - 12655 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GlaryInitialize.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000UA.job

C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000Core.job

C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23 393600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\Program Files\GbPlugin\gbieh.dll [2010-12-28 351624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]

SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-06-19 249856]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-27 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-27 173592]

"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-27 150552]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-11 186904]

"Broadcom Wireless Manager UI"=C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [2010-03-06 3888640]

"DellControlPoint"=c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [2009-06-11 656384]

"DellConnectionManager"=C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [2009-10-05 1826816]

"USCService"=C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [2009-07-05 15872]

"USB Antivirus"=C:\Program Files\USB Disk Security\RunUSBGuard.exe [2009-12-10 81920]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-09-03 281768]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

"Google Update"=C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 136176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-12-21 640440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-12-22 38840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]

C:\Users\user\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-16 136336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]

C:\Program Files\IDT\WDM\sttray.exe [2009-07-31 458844]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Waiting1690]

C:\Windows\stid1690.exe [2007-06-05 60416]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Dell ControlPoint System Manager.lnk - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\Program Files\GbPlugin\gbieh.dll [2010-12-28 351624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-02-27 210432]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\Program Files\GbPlugin\gbieh.dll [2010-12-28 351624]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

wvauth

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

"EnableLinkedConnections"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2011-01-10 20:20:21 ----D---- C:\Program Files\trend micro

2011-01-10 20:20:20 ----D---- C:\rsit

2011-01-09 16:30:29 ----D---- C:\Users\user\AppData\Roaming\Avira

2011-01-05 08:42:52 ----D---- C:\Windows\system32\Wave Systems Corp

2011-01-03 00:44:04 ----A---- C:\Windows\system32\win32k.sys

2011-01-03 00:43:48 ----A---- C:\Windows\system32\schedsvc.dll

2011-01-03 00:43:47 ----A---- C:\Windows\system32\wmicmiplugin.dll

2011-01-03 00:43:47 ----A---- C:\Windows\system32\taskschd.dll

2011-01-03 00:43:47 ----A---- C:\Windows\system32\taskeng.exe

2011-01-03 00:43:47 ----A---- C:\Windows\system32\taskcomp.dll

2011-01-03 00:43:37 ----A---- C:\Windows\system32\consent.exe

2011-01-03 00:43:35 ----A---- C:\Windows\system32\fontsub.dll

2011-01-03 00:43:35 ----A---- C:\Windows\system32\atmlib.dll

2011-01-03 00:43:35 ----A---- C:\Windows\system32\atmfd.dll

2011-01-03 00:43:32 ----A---- C:\Windows\system32\iertutil.dll

2011-01-03 00:43:31 ----A---- C:\Windows\system32\mshtml.dll

2011-01-03 00:43:30 ----A---- C:\Windows\system32\mstime.dll

2011-01-03 00:43:30 ----A---- C:\Windows\system32\ieframe.dll

2011-01-03 00:43:30 ----A---- C:\Windows\system32\ie4uinit.exe

2011-01-03 00:43:29 ----A---- C:\Windows\system32\wininet.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\urlmon.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\occache.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\mshtmled.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\msfeedssync.exe

2011-01-03 00:43:29 ----A---- C:\Windows\system32\msfeedsbs.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\msfeeds.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\licmgr10.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\jsproxy.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\ieUnatt.exe

2011-01-03 00:43:29 ----A---- C:\Windows\system32\ieui.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iesysprep.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iesetup.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iernonce.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iepeers.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iedkcs32.dll

2011-01-03 00:38:36 ----A---- C:\Windows\system32\tzres.dll

 

======List of files/folders modified in the last 1 months======

 

2011-01-10 20:21:37 ----D---- C:\Windows\Temp

2011-01-10 20:20:21 ----RD---- C:\Program Files

2011-01-10 20:18:58 ----AD---- C:\Windows\system32\drivers

2011-01-10 20:18:57 ----D---- C:\ProgramData\GbPlugin

2011-01-10 20:18:53 ----D---- C:\Program Files\GbPlugin

2011-01-09 23:42:46 ----D---- C:\Windows

2011-01-09 17:30:48 ----SHD---- C:\System Volume Information

2011-01-09 17:14:54 ----D---- C:\Windows\rescache

2011-01-09 16:52:26 ----D---- C:\Program Files\Glary Utilities

2011-01-09 16:50:00 ----D---- C:\Windows\Tasks

2011-01-08 15:12:59 ----D---- C:\Windows\system32\catroot2

2011-01-06 23:05:20 ----D---- C:\Windows\inf

2011-01-06 23:05:20 ----AD---- C:\Windows\System32

2011-01-06 23:05:20 ----A---- C:\Windows\system32\PerfStringBackup.INI

2011-01-05 23:29:33 ----D---- C:\Windows\Debug

2011-01-04 21:57:21 ----D---- C:\Windows\winsxs

2011-01-04 21:44:57 ----D---- C:\Windows\Prefetch

2011-01-04 21:42:05 ----D---- C:\Program Files\Windows Mail

2011-01-04 21:42:04 ----D---- C:\Program Files\Internet Explorer

2011-01-04 21:42:03 ----D---- C:\Windows\system32\migration

2011-01-04 21:41:58 ----D---- C:\Program Files\Microsoft Silverlight

2011-01-03 02:23:37 ----SHD---- C:\Windows\Installer

2011-01-03 02:23:30 ----D---- C:\ProgramData\Microsoft Help

2011-01-03 02:21:01 ----D---- C:\Windows\system32\pt-BR

2011-01-03 02:19:36 ----D---- C:\Windows\system32\catroot

2011-01-03 02:17:12 ----A---- C:\Windows\system32\mrt.exe

2011-01-03 00:25:46 ----D---- C:\Windows\system32\config

2011-01-03 00:25:35 ----D---- C:\Windows\system32\spool

2011-01-03 00:25:35 ----D---- C:\Windows\system32\Msdtc

2011-01-03 00:25:31 ----D---- C:\Windows\system32\wbem

2011-01-03 00:25:31 ----D---- C:\Windows\registration

2010-12-30 19:53:19 ----D---- C:\Windows\system32\Tasks

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 GbpKm;Gbp KernelMode; C:\Windows\system32\drivers\gbpkm.sys [2010-12-28 46600]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2009-04-28 329752]

R0 PBADRV;PBADRV; C:\Windows\system32\DRIVERS\PBADRV.sys [2008-06-04 26608]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-11-14 43840]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-17 691696]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-01-09 135096]

R1 hwinterface;hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [2010-04-01 3026]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]

R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-01-09 61960]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-04-03 48128]

R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]

R2 WavxDMgr;WavxDMgr; C:\Windows\system32\DRIVERS\WavxDMgr.sys [2009-06-12 205624]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-11-24 217136]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-07-01 210432]

R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2010-03-06 18424]

R3 BCM43XX;Controlador da Placa WLAN sem Fios Dell; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-03-06 1666040]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-27 4568064]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-02-27 112128]

R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-10-09 47360]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-07-31 409088]

S3 aalvvlx9;aalvvlx9; C:\Windows\system32\drivers\aalvvlx9.sys []

S3 CAM1690;USB 2.0 Compliance JPEG Video Camera; C:\Windows\System32\Drivers\cam1690.sys [2007-08-29 153856]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]

S3 e1express;Driver do Intel® PRO/1000 PCI Express Network Connection; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]

S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]

S3 MSKSSRV;Proxy de serviço de streaming Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]

S3 MSPCLOCK;Proxy do relógio de streaming Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]

S3 MSPQM;Proxy de gerenciador de qualidade de streaming Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]

S3 MSTEE;Conversor em T entre Coletores de streaming Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\NvtSp50.sys []

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 usbser;USB Serial emulation modem driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]

S3 usbvideo;Dispositivo de vídeo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

S4 rimspci;rimspci; C:\Windows\system32\drivers\rimspe86.sys [2009-04-03 45056]

S4 rimsptsk;rimsptsk; C:\Windows\system32\drivers\rimsptsk.sys [2009-04-03 45056]

S4 risdpcie;risdpcie; C:\Windows\system32\drivers\risdpe86.sys [2009-04-03 48640]

S4 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\drivers\rixdptsk.sys [2009-04-03 38400]

S4 rixdpcie;rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [2009-04-03 38400]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 alssvc;Ambient Light Sensor; C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]

R2 AntiVirSchedulerService;Avira AntiVir Programador; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-09-03 135336]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-01-09 267944]

R2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe [2010-07-12 1377104]

R2 ATService;AuthenTec Fingerprint Service; C:\Program Files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]

R2 buttonsvc32;Dell ControlPoint Button Service; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]

R2 GbpSv;Gbp Service; C:\PROGRA~1\GbPlugin\GbpSv.exe [2010-12-28 54664]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-11 354840]

R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]

R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]

R2 SMManager;Smith Micro Connection Manager Service; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-05 76288]

R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe [2009-07-31 221266]

R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2009-06-11 1622016]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [2010-03-06 26112]

S2 tcsd_win32.exe;NTRU TSS v1.2.1.29 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-11-12 1273856]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-20 867080]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2008-01-20 21504]

S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2009-06-03 1019904]

S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-01-16 74392]

 

-----------------EOF-----------------

 

Here are the contents of info.txt:

 

 

info.txt logfile of random's system information tool 1.08 2011-01-10 20:21:42

 

======Uninstall list======

 

Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}

Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}

Adobe Acrobat 9.3.1 - CPSID_50570-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}

Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}

Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}

Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}

Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}

Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}

Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}

Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}

Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}

Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}

Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}

Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}

Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}

Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}

Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin

Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}

Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}

Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}

Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}

Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}

Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}

Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}

Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1

Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}

Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}

Adobe Reader 9.4.0 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A94000000001}

Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}

Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}

Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}

Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}

Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}

Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}

AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}

AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}

All Day Battery Life Configuration-->MsiExec.exe /X{2220CF3A-EBD6-4070-94D0-0C7337B537A7}

Ambient Light Sensor-->MsiExec.exe /X{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}

ArcGIS Desktop 10-->"C:\Program Files\Common Files\ArcGIS\Support\ESRI.exe" msiexec.exe /i {64665955-E1A1-4A8B-BFFA-673A95318909}

ArcGIS License Manager 10-->"C:\Program Files\ArcGIS\License10.0\Support\ESRI.exe" msiexec.exe /i {1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}

Arquivo do WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {717C9095-8AAE-41CB-B046-BD6E8399F4F3}

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {5016CB22-B9A7-44FB-AA72-AF28B27B15EA}

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}

Atualização do produto Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {7297E3A9-FCD4-4E0E-A306-7A90359E50E3}

AuthenTec Fingerprint Software-->MsiExec.exe /I{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

BioAPI Framework-->MsiExec.exe /X{AF7E4468-E364-4991-BC2A-6E8293E1055B}

CamStudio-->C:\Program Files\CamStudio\uninstall.exe

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Chicken Invaders 3 Free Trial-->"C:\Program Files\ChickenInvaders3\unins000.exe"

Cisco EAP-FAST Module-->MsiExec.exe /I{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}

Cisco LEAP Module-->MsiExec.exe /I{99A4344A-C723-4661-A507-D9D939480358}

Cisco PEAP Module-->MsiExec.exe /I{CD344FA5-6657-47CD-940F-8727EED35595}

Color LaserJet 2600n-->C:\Program Files\Zenographics\{EBEF01A9-14C7-487C-9FC4-7A38CB125A29}\SETUP.EXE -u "HPCLJKCInstaller.dll=CLJ2600.INF"

Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}

ConvertXtoDVD 4.0.12.327-->"C:\Program Files\VSO\ConvertX\4\unins000.exe"

Corel Graphics - Windows Shell Extension-->c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellUninst.exe -ProductCode {51DD370C-6690-424E-9674-5F14468B323F} -arp

Corel Graphics - Windows Shell Extension-->MsiExec.exe /X{51DD370C-6690-424E-9674-5F14468B323F}

CorelDRAW Graphics Suite X5 - IPM-->MsiExec.exe /I{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}

CorelDRAW Graphics Suite X5 - WT-->MsiExec.exe /I{9244E956-5939-4B88-930C-0699D4AB2B95}

CorelDRAW® Graphics Suite X5-->c:\Program Files\Corel\CorelDRAW Graphics Suite X5\Setup\SetupARP.exe /arp

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe

DCP32MMWrapper-->MsiExec.exe /I{7B088773-4913-46E1-813E-CD1A0FA9CB03}

Dell Control Point-->MsiExec.exe /I{3872C2B2-1C00-4742-83F5-D0797278E9EF}

Dell ControlPoint Connection Manager-->MsiExec.exe /I{E63A7E64-AD93-47E7-AC5C-BA042AA740CA}

Dell ControlPoint Security Manager-->"C:\Program Files\InstallShield Installation Information\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}\setup.exe" -runfromtemp -l0x0416 -removeonly

Dell ControlPoint System Manager-->MsiExec.exe /I{9143F2FA-BF20-4311-8618-4CCF51B1B80C}

Dell Edoc Viewer-->MsiExec.exe /I{3138EAD3-700B-4A10-B617-B3F8096EE30D}

Dell Embassy Trust Suite by Wave Systems-->C:\Windows\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe

Dell Security Device Driver Pack-->"C:\Program Files\InstallShield Installation Information\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}\setup.exe" -runfromtemp -l0x0416 -removeonly

Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE

Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"

Divulga 2010 versão 1.1.0-->"C:\Program Files\Justiça Eleitoral\Divulga 2010\unins000.exe"

Document Manager Lite-->C:\Program Files\InstallShield Installation Information\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\setup.exe -runfromtemp -l0x0416

DVD Data Rescue 2.1-->"C:\Program Files\dvddr\unins000.exe"

DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"

EMBASSY Security Center-->C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0416

EMBASSY Security Setup-->C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0416

ESC Home Page Plugin-->C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409

Garmin USB Drivers-->MsiExec.exe /X{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}

Gemalto-->MsiExec.exe /I{BC52E419-B185-488F-9973-049A88E5DCBE}

Glary Utilities 2.30.0.1066-->"C:\Program Files\Glary Utilities\unins000.exe"

GPS TrackMaker Professional-->MsiExec.exe /X{08E0DD99-935D-4AF3-AF63-5774C3D8B1A4}

GPS TrackMaker-->MsiExec.exe /X{572DDD41-B104-4D5C-BA1B-7A22E92E7A0C}

High-Definition Video Playback 10-->MsiExec.exe /X{237CCB62-8454-43E3-B158-3ACD0134852E}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""

Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

Intel® TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall

Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall

Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

JPEG Camera v1.02-->MsiExec.exe /I{8527C3D5-BA1D-46E9-88D2-AF25544311A3}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

K-Lite Mega Codec Pack 6.2.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}

Map of South America-->MsiExec.exe /X{BB7C0C8E-CF0B-44C5-B838-9ED93D15DBDF}

Mapa do Brasil 1.6-->MsiExec.exe /X{96598552-B825-460A-AD2C-5726CA3CABDB}

Messenger Companion-->MsiExec.exe /I{3889988F-762B-4B85-AB17-71C9CC3AE445}

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - ptb-->MsiExec.exe /I{1438B41C-658C-35B7-9253-780F2E0A0B8E}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {75EBE365-7FC5-4720-A7D3-804BF550D1BC}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}

Microsoft Visual Studio Tools for Applications 2.0 Runtime-->MsiExec.exe /X{299C0434-4F4E-341F-A916-4E07AEB35E79}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nero 10 Menu TemplatePack Basic-->MsiExec.exe /X{63AA3EAB-23BB-48B2-9AD0-44F878075604}

Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}

Nero BackItUp 10 Help (CHM)-->MsiExec.exe /X{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}

Nero BackItUp 10-->MsiExec.exe /X{68AB6930-5BFF-4FF6-923B-516A91984FE6}

Nero Burning ROM 10-->MsiExec.exe /X{7A5D731D-B4B3-490E-B339-75685712BAAB}

Nero BurningROM 10 Help (CHM)-->MsiExec.exe /X{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}

Nero BurnRights 10 Help (CHM)-->MsiExec.exe /X{555868C6-49FB-484F-BB43-8980651A1B00}

Nero BurnRights 10-->MsiExec.exe /X{943CFD7D-5336-47AF-9418-E02473A5A517}

Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}

Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}

Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}

Nero CoverDesigner 10 Help (CHM)-->MsiExec.exe /X{C3273C55-E1E4-41FF-8D69-0158090DB8D8}

Nero CoverDesigner 10-->MsiExec.exe /X{FCF00A6E-FB58-477A-ABE9-232907105521}

Nero DiscCopy Gadget 10-->MsiExec.exe /X{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}

Nero DiscCopyGadget 10 Help (CHM)-->MsiExec.exe /X{5F548A02-80BC-404D-BAE6-F05F9BF6B449}

Nero DiscSpeed 10 Help (CHM)-->MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC}

Nero DiscSpeed 10-->MsiExec.exe /X{34490F4E-48D0-492E-8249-B48BECF0537C}

Nero Dolby Files 10-->MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97}

Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98}

Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7}

Nero InfoTool 10 Help (CHM)-->MsiExec.exe /X{66049135-9659-4AAD-9169-9CCA269EBB3E}

Nero InfoTool 10-->MsiExec.exe /X{F412B4AF-388C-4FF5-9B2F-33DB1C536953}

Nero MediaHub 10 Help (CHM)-->MsiExec.exe /X{F467862A-D9CA-47ED-8D81-B4B3C9399272}

Nero MediaHub 10-->MsiExec.exe /X{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}

Nero Multimedia Suite 10-->MsiExec.exe /I{277C1559-4CF7-44FF-8D07-98AA9C13AABD}

Nero Recode 10 Help (CHM)-->MsiExec.exe /X{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}

Nero Recode 10-->MsiExec.exe /X{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}

Nero RescueAgent 10 Help (CHM)-->MsiExec.exe /X{92E25238-61A3-4ACD-A407-3C480EEF47A7}

Nero RescueAgent 10-->MsiExec.exe /X{E337E787-CF61-4B7B-B84F-509202A54023}

Nero SoundTrax 10 Help (CHM)-->MsiExec.exe /X{16987E99-C95C-4513-9239-7B44A0A71DB5}

Nero SoundTrax 10-->MsiExec.exe /X{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}

Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}

Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}

Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}

Nero Vision 10 Help (CHM)-->MsiExec.exe /X{329411A0-19F3-4740-874F-17400B126F27}

Nero Vision 10-->MsiExec.exe /X{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}

Nero WaveEditor 10 Help (CHM)-->MsiExec.exe /X{7A295D8F-484B-4FFB-89AB-C1FD497591FE}

Nero WaveEditor 10-->MsiExec.exe /X{EDCDFAD5-DF80-4600-A493-E9DAD6810230}

NTRU TCG Software Stack-->MsiExec.exe /I{BB93D30B-B395-44BB-A9ED-A0E057F07E53}

Pacote de Driver do Windows - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst32.exe /u C:\Windows\System32\DriverStore\FileRepository\atswpwdf.inf_4586d866\atswpwdf.inf

Pacote de Driver do Windows - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\system32\DRVSTORE\pbadrv_D8D224CEC214CACEA7B42A3CB4D1B2E57B753A54\pbadrv.inf

Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb\setup.exe

PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}

Phonesuite ZTC B2 V1.0-->"C:\Program Files\Phonesuite ZTC B2\unins000.exe"

Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}

Preboot Manager-->MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}

Private Information Manager-->C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0416

Python 2.5 numpy-1.0.3-->C:\Python25\\UNWISE.EXE C:\Python25\\Lib\site-packages\INSTALL.LOG

Python 2.5.1-->C:\Python25\\UNWISE.EXE C:\Python25\\INSTALL.LOG

Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}

Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}

Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}

Roxio Creator DE 10.3-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}

Roxio Creator DE 10.3-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}

Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}

Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}

Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}

Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}

Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}

Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}

Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

Security Wizards-->C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0416

Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}

Sentinel Protection Installer 7.2.2-->MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C}

Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}

Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

SO32MMWrapper-->MsiExec.exe /I{14237138-900C-4C0A-AF63-1888F2671F9D}

Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}

Trusted Drive Manager-->MsiExec.exe /I{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update for Outlook 2007 Junk Email Filter (KB2466076)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EE71630C-C756-4343-B620-DB5958609E3D}

UPEK TouchChip Fingerprint Reader-->MsiExec.exe /X{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}

USB Disk Security-->"C:\Program Files\USB Disk Security\unins000.exe"

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

Wave Infrastructure Installer-->MsiExec.exe /I{79B520D5-CE72-4661-A054-804BC3412516}

Wave Support Software-->C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0416

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_0efc767c\grmnusb.inf

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{43B43577-2514-4CE0-B14A-7E85C17C0453}

Windows Live Family Safety-->MsiExec.exe /I{65CD9858-1F02-46C8-80DA-62B29D2BA176}

Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}

Windows Live Galeria de Fotos-->MsiExec.exe /X{F7A46527-DF1F-4B0F-9637-98547E189442}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{9DA3F03B-2CEE-4344-838E-117861E61FAF}

Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}

Windows Live Messenger-->MsiExec.exe /X{D54A52A8-DF24-4CE8-850B-074CA47DFA74}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Movie Maker-->MsiExec.exe /X{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{B33B61FE-701F-425F-98AB-2B85725CBF68}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live Sync-->MsiExec.exe /X{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{5CADEAC5-0A9C-4680-B850-6A9085ADD23B}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{B3BE54A4-8DFE-4593-8E66-56AB7133B812}

XTools Pro 5.3-->MsiExec.exe /I{38920060-BFA6-48E3-81A8-9967E99C6715}

 

======Hosts File======

 

127.0.0.1 adobeereg.com

127.0.0.1 activate.adobe.com

 

======Security center information======

 

AS: Windows Defender

 

======System event log======

 

Computer Name: manejo2-note

Event Code: 7036

Message: O serviço Telefonia entrou no estado executando.

Record Number: 34733

Source Name: Service Control Manager

Time Written: 20100426194139.000000-000

Event Type: Informações

User:

 

Computer Name: manejo2-note

Event Code: 7036

Message: O serviço Conexões de Rede entrou no estado executando.

Record Number: 34732

Source Name: Service Control Manager

Time Written: 20100426194139.000000-000

Event Type: Informações

User:

 

Computer Name: manejo2-note

Event Code: 7036

Message: O serviço Serviço SSTP entrou no estado executando.

Record Number: 34731

Source Name: Service Control Manager

Time Written: 20100426194139.000000-000

Event Type: Informações

User:

 

Computer Name: manejo2-note

Event Code: 7036

Message: O serviço Cliente da Web entrou no estado executando.

Record Number: 34730

Source Name: Service Control Manager

Time Written: 20100426194139.000000-000

Event Type: Informações

User:

 

Computer Name: manejo2-note

Event Code: 7036

Message: O serviço Avira AntiVir Programador entrou no estado executando.

Record Number: 34729

Source Name: Service Control Manager

Time Written: 20100426194139.000000-000

Event Type: Informações

User:

 

=====Application event log=====

 

Computer Name: manejo2-note

Event Code: 1035

Message: O Windows Installer reconfigurou o produto. Nome do Produto: Adobe Color - Photoshop Specific CS4. Versão do Produto: 2.0. Idioma do Produto: 0. Status de erro ou êxito da reconfiguração: 0.

Record Number: 11205

Source Name: MsiInstaller

Time Written: 20100628135038.000000-000

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: manejo2-note

Event Code: 1035

Message: O Windows Installer reconfigurou o produto. Nome do Produto: MSXML 4.0 SP2 (KB973688). Versão do Produto: 4.20.9876.0. Idioma do Produto: 1033. Status de erro ou êxito da reconfiguração: 0.

Record Number: 11204

Source Name: MsiInstaller

Time Written: 20100628135038.000000-000

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: manejo2-note

Event Code: 1035

Message: O Windows Installer reconfigurou o produto. Nome do Produto: Security Wizards. Versão do Produto: 01.07.00.016. Idioma do Produto: 1046. Status de erro ou êxito da reconfiguração: 0.

Record Number: 11203

Source Name: MsiInstaller

Time Written: 20100628135038.000000-000

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: manejo2-note

Event Code: 1035

Message: O Windows Installer reconfigurou o produto. Nome do Produto: Adobe PDF Library Files CS4. Versão do Produto: 9.0. Idioma do Produto: 0. Status de erro ou êxito da reconfiguração: 0.

Record Number: 11202

Source Name: MsiInstaller

Time Written: 20100628135038.000000-000

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: manejo2-note

Event Code: 1035

Message: O Windows Installer reconfigurou o produto. Nome do Produto: Adobe XMP Panels CS4. Versão do Produto: 2.0. Idioma do Produto: 0. Status de erro ou êxito da reconfiguração: 0.

Record Number: 11201

Source Name: MsiInstaller

Time Written: 20100628135038.000000-000

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

=====Security event log=====

 

Computer Name: user-PC

Event Code: 4648

Message: Tentativa de logon com uso de credenciais explícitas.

 

Requerente:

Identificação de segurança: S-1-5-18

Nome da conta: DB13B4M1$

Domínio da conta: WORKGROUP

Identificação de logon: 0x3e7

Identificação de logon: {00000000-0000-0000-0000-000000000000}

 

Conta cujas credenciais foram utilizadas:

Nome da conta: user

Domínio da conta: user-PC

GUID de logon: {00000000-0000-0000-0000-000000000000}

 

Servidor de destino:

Nome do servidor de destino: localhost

Informações adicionais: localhost

 

Informações do processo:

Identificação do processo: 0x240

Nome do processo: C:\Windows\System32\winlogon.exe

 

Informações da rede:

Endereço da rede: 127.0.0.1

Porta: 0

 

Este evento é gerado quando um processo tenta efetuar o logon em uma conta, especificando explicitamente suas credenciais. Comumente, ele ocorre em configurações do tipo lote como em tarefas programadas, ou quando se utiliza o comando RUNAS.

Record Number: 787

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100317191217.690400-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: user-PC

Event Code: 4672

Message: Privilégios especiais atribuídos a um novo logon.

 

Requerente:

Identificação de segurança: S-1-5-18

Nome da conta: SYSTEM

Domínio da conta: AUTORIDADE NT

Identificação de logon: 0x3e7

 

Privilégios: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 786

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100317183753.135348-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: user-PC

Event Code: 4624

Message: O logon de uma conta foi efetuado com sucesso.

 

Requerente:

Identificação de segurança: S-1-5-18

Nome da conta: DB13B4M1$

Domínio da conta: WORKGROUP

Identificação de logon: 0x3e7

 

Tipo de logon: 5

 

Novo logon:

Identificação de segurança: S-1-5-18

Nome da conta: SYSTEM

Domínio da conta: AUTORIDADE NT

Identificação de logon: 0x3e7

GUID de logon: {00000000-0000-0000-0000-000000000000}

 

Informações do processo:

Identificação do processo: 0x268

Nome do processo: C:\Windows\System32\services.exe

 

Informações da rede:

Nome da estação de trabalho:

Endereço da rede de origem: -

Porta de origem: -

 

Informações detalhadas da autenticação:

Processo de logon: Advapi

Pacote de autenticação: Negotiate

Serviços transitados: -

Nome do pacote (somente NTLM): -

Comprimento da chave: 0

 

Este evento é gerado quando uma sessão de logon é criada. Ele é gerado no computador acessado.

 

Os campos do assunto indicam a conta do sistema local que solicitou o logon. Comumente, isto é um serviço como o de servidor ou um processo local como Winlogon.exe ou Services.exe.

 

O campo tipo de logon indica o tipo de logon ocorrido. Os tipos mais comuns são 2 (interativo) e 3 (em rede).

 

Os campos Novo logon indicam as contas para a qual o novo logon foi criada, isto é, a conta na qual o logon foi efetuado.

 

Os campos de rede indicam onde a solicitação de logon remoto se originou. O nome da estação de trabalho nem sempre está disponível e pode ser deixado em branco em alguns casos.

 

Os campos de informações de autenticação fornecem informações detalhadas sobre esta solicitação específica de logon.

-O GUID de logon é um identificador exclusivo que pode ser usado para correlacionar este evento com um evento de KDC.

- Serviços transitados indicam qual serviço intermediário participou desta solicitação de logon.

- Nome de pacote indica qual subprotocolo foi usado, entre os protocolos NTLM.

- Comprimento da chave indica o comprimento da chave da sessão gerada. Ele será 0 se nenhuma chave de sessão foi solicitada.

Record Number: 785

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100317183753.135348-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: user-PC

Event Code: 4648

Message: Tentativa de logon com uso de credenciais explícitas.

 

Requerente:

Identificação de segurança: S-1-5-18

Nome da conta: DB13B4M1$

Domínio da conta: WORKGROUP

Identificação de logon: 0x3e7

Identificação de logon: {00000000-0000-0000-0000-000000000000}

 

Conta cujas credenciais foram utilizadas:

Nome da conta: SYSTEM

Domínio da conta: AUTORIDADE NT

GUID de logon: {00000000-0000-0000-0000-000000000000}

 

Servidor de destino:

Nome do servidor de destino: localhost

Informações adicionais: localhost

 

Informações do processo:

Identificação do processo: 0x268

Nome do processo: C:\Windows\System32\services.exe

 

Informações da rede:

Endereço da rede: -

Porta: -

 

Este evento é gerado quando um processo tenta efetuar o logon em uma conta, especificando explicitamente suas credenciais. Comumente, ele ocorre em configurações do tipo lote como em tarefas programadas, ou quando se utiliza o comando RUNAS.

Record Number: 784

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100317183753.135348-000

Event Type: Sucesso da Auditoria

User:

 

Computer Name: user-PC

Event Code: 1102

Message: O log de auditoria foi apagado.

Requerente:

ID de segurança: S-1-5-21-2832116611-4279327628-2808801757-1000

Nome da conta: user

Nome do domínio: user-PC

ID de logon: 0x6d3b9

Record Number: 783

Source Name: Microsoft-Windows-Eventlog

Time Written: 20100317183613.227348-000

Event Type: Sucesso da Auditoria

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Dell\Dell Wireless WLAN Card;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Windows Live\Shared

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\winseqfe\release\Windows6.0\lh_sp2rtm\6002.18005.090410-1830\x86fre\symbols.pri\TraceFormat

"DFSTRACINGON"=FALSE

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

"AGSDESKTOPJAVA"=C:\Program Files\ArcGIS\Desktop10.0\

 

-----------------EOF-----------------


ndrgomes,

 

1.

*Open Notepad and paste the code below into it:

REGEDIT 5

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]

"AutoConfigURL"=""

*Save the file to the desktop as fix.reg

*Run fix.reg and accept the registry entry

*Restart the PC

 

Post a new HijackThis log.

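A triage sketch for the proxy entries this thread is about, added here as an example and not part of the original posts: it pulls the Internet Settings proxy values out of HijackThis `R` lines so that an AutoConfigURL or ProxyServer that survives a fix shows up in the follow-up log. The sample log is constructed from lines in this thread plus an assumed `AutoConfigURL` line built from the URL in the first post; the function names and the private-range heuristic are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Value names under ...\Internet Settings that redirect browser traffic.
PROXY_VALUES = {"AutoConfigURL", "ProxyServer", "ProxyOverride"}

# HijackThis R-line: "R1 - HKCU\<key>,<value name> = <data>" (data may be empty).
R_LINE = re.compile(
    r"^R\d - (?P<hive>HKCU|HKLM)\\(?P<key>[^,]+),(?P<name>.+?) =\s*(?P<data>.*)$"
)

# Constructed sample: the ProxyServer/ProxyOverride/Start Page/BHO lines are from
# the log in this thread; the AutoConfigURL line is an assumed rendering of the
# PAC URL quoted in the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ac.gov.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.cearainfo.com/0xf04.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.21:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
"""


def parse_proxy_settings(log_text):
    """Return the proxy-related Internet Settings values found in R lines."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue
        if not m["key"].lower().endswith(r"\internet settings"):
            continue
        if m["name"] not in PROXY_VALUES:
            continue
        findings.append({"hive": m["hive"], "name": m["name"], "data": m["data"]})
    return findings


def hosts_in(name, data):
    """Extract the host(s) that a proxy value points the browser at."""
    if not data:
        return []
    if name == "AutoConfigURL":
        host = urlsplit(data).hostname
        return [host] if host else []
    if name == "ProxyServer":
        hosts = []
        # Either "host:port" or per-protocol "http=host:port;https=host:port".
        for part in data.split(";"):
            endpoint = part.split("=", 1)[-1].strip()
            url = endpoint if "://" in endpoint else "//" + endpoint
            host = urlsplit(url).hostname
            if host:
                hosts.append(host)
        return hosts
    return []


def classify_host(host):
    """Label a host as loopback, private, public (IP literal) or hostname."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def triage(log_text):
    """Annotate each proxy value with its hosts and a review flag."""
    report = []
    for f in parse_proxy_settings(log_text):
        hosts = hosts_in(f["name"], f["data"])
        classes = [classify_host(h) for h in hosts]
        if f["name"] == "AutoConfigURL":
            # A PAC script decides routing per URL, so any configured script
            # is worth reviewing; an empty value means none is set.
            review = bool(f["data"])
        elif f["name"] == "ProxyServer":
            # Assumption: a private-range proxy is the site's own and is only
            # reported; anything resolved outside that range is flagged.
            review = any(c in ("hostname", "public") for c in classes)
        else:
            review = False
        report.append({**f, "hosts": hosts, "classes": classes, "review": review})
    return report


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        flag = "REVIEW" if item["review"] else "info"
        print(f'{flag:6} {item["hive"]} {item["name"]} = {item["data"]!r} {item["classes"]}')
```

Running the same function over the log taken before and after a fix shows directly whether the value was cleared or came back.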

done... but the darn thing is still there... even with the option disabled.

 

HijackThis log follows.

 

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by user at 2011-01-11 23:26:54

Microsoft® Windows Vista™ Business Service Pack 2

System drive C: has 80 GB (34%) free of 236 GB

Total RAM: 3538 MB (65% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:27:36, on 11/01/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\USB Disk Security\USBGuard.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Users\user\Desktop\RSIT.exe

C:\Program Files\trend micro\user.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/5

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ac.gov.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.21:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe

O4 - HKLM\..\Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"

O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"

O4 - HKLM\..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\RunUSBGuard.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Ambient Light Sensor (alssvc) - Dell Inc. - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ArcGIS License Manager - Flexera Software, Inc. - C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

 

--

End of file - 12827 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GlaryInitialize.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000UA.job

C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000Core.job

C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-23 393600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\Program Files\GbPlugin\gbieh.dll [2010-12-28 351624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]

SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-06-19 249856]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-27 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-27 173592]

"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-27 150552]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-11 186904]

"Broadcom Wireless Manager UI"=C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [2010-03-06 3888640]

"DellControlPoint"=c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [2009-06-11 656384]

"DellConnectionManager"=C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [2009-10-05 1826816]

"USCService"=C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [2009-07-05 15872]

"USB Antivirus"=C:\Program Files\USB Disk Security\RunUSBGuard.exe [2009-12-10 81920]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-09-03 281768]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

"Google Update"=C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-30 136176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-12-21 640440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-12-22 38840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]

C:\Users\user\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-11-16 136336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]

C:\Program Files\IDT\WDM\sttray.exe [2009-07-31 458844]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Waiting1690]

C:\Windows\stid1690.exe [2007-06-05 60416]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Dell ControlPoint System Manager.lnk - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\Program Files\GbPlugin\gbieh.dll [2010-12-28 351624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-02-27 210432]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\Program Files\GbPlugin\gbieh.dll [2010-12-28 351624]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

wvauth

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

"EnableLinkedConnections"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 3 months======

 

2011-01-10 20:20:21 ----D---- C:\Program Files\trend micro

2011-01-10 20:20:20 ----D---- C:\rsit

2011-01-09 16:30:29 ----D---- C:\Users\user\AppData\Roaming\Avira

2011-01-05 08:42:52 ----D---- C:\Windows\system32\Wave Systems Corp

2011-01-03 00:44:04 ----A---- C:\Windows\system32\win32k.sys

2011-01-03 00:43:48 ----A---- C:\Windows\system32\schedsvc.dll

2011-01-03 00:43:47 ----A---- C:\Windows\system32\wmicmiplugin.dll

2011-01-03 00:43:47 ----A---- C:\Windows\system32\taskschd.dll

2011-01-03 00:43:47 ----A---- C:\Windows\system32\taskeng.exe

2011-01-03 00:43:47 ----A---- C:\Windows\system32\taskcomp.dll

2011-01-03 00:43:37 ----A---- C:\Windows\system32\consent.exe

2011-01-03 00:43:35 ----A---- C:\Windows\system32\fontsub.dll

2011-01-03 00:43:35 ----A---- C:\Windows\system32\atmlib.dll

2011-01-03 00:43:35 ----A---- C:\Windows\system32\atmfd.dll

2011-01-03 00:43:32 ----A---- C:\Windows\system32\iertutil.dll

2011-01-03 00:43:31 ----A---- C:\Windows\system32\mshtml.dll

2011-01-03 00:43:30 ----A---- C:\Windows\system32\mstime.dll

2011-01-03 00:43:30 ----A---- C:\Windows\system32\ieframe.dll

2011-01-03 00:43:30 ----A---- C:\Windows\system32\ie4uinit.exe

2011-01-03 00:43:29 ----A---- C:\Windows\system32\wininet.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\urlmon.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\occache.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\mshtmled.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\msfeedssync.exe

2011-01-03 00:43:29 ----A---- C:\Windows\system32\msfeedsbs.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\msfeeds.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\licmgr10.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\jsproxy.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\ieUnatt.exe

2011-01-03 00:43:29 ----A---- C:\Windows\system32\ieui.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iesysprep.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iesetup.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iernonce.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iepeers.dll

2011-01-03 00:43:29 ----A---- C:\Windows\system32\iedkcs32.dll

2011-01-03 00:38:36 ----A---- C:\Windows\system32\tzres.dll

2010-11-20 13:29:00 ----D---- C:\ProgramData\ESRI

2010-11-20 12:53:10 ----D---- C:\Program Files\Common Files\AnswerWorks 4.0

2010-11-20 12:49:55 ----D---- C:\Python26

2010-11-20 12:49:52 ----D---- C:\Program Files\Common Files\Data Dynamics

2010-11-20 12:49:41 ----D---- C:\Program Files\Common Files\Tom Sawyer Software

2010-11-20 12:49:41 ----D---- C:\Program Files\Common Files\ArcGIS

2010-11-20 12:43:58 ----D---- C:\Windows\system32\1033

2010-11-20 12:43:58 ----D---- C:\Program Files\Microsoft SQL Server

2010-11-18 20:51:37 ----D---- C:\Users\user\AppData\Roaming\Download Manager

2010-11-02 12:52:59 ----A---- C:\Windows\system32\drivers\fssfltr.sys

2010-11-02 12:20:57 ----A---- C:\Windows\system32\XAudio2_5.dll

2010-11-02 12:20:57 ----A---- C:\Windows\system32\XAPOFX1_3.dll

2010-11-02 12:20:57 ----A---- C:\Windows\system32\d3dx10_42.dll

2010-11-02 12:18:00 ----A---- C:\Windows\system32\webservices.dll

2010-10-27 21:25:22 ----A---- C:\Windows\system32\gameux.dll

2010-10-27 21:25:20 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-10-27 21:25:20 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-10-23 17:13:09 ----AD---- C:\ProgramData\TEMP

2010-10-23 17:12:37 ----D---- C:\Program Files\ChickenInvaders3

2010-10-17 23:30:04 ----A---- C:\Windows\system32\javaws.exe

2010-10-17 23:30:04 ----A---- C:\Windows\system32\javaw.exe

2010-10-17 23:30:04 ----A---- C:\Windows\system32\java.exe

2010-10-17 23:29:25 ----D---- C:\Program Files\DAEMON Tools Toolbar

2010-10-17 23:28:45 ----A---- C:\Windows\system32\drivers\sptd.sys

2010-10-17 23:28:39 ----D---- C:\Program Files\DAEMON Tools Lite

2010-10-17 23:27:11 ----D---- C:\Users\user\AppData\Roaming\DAEMON Tools Lite

2010-10-17 23:26:29 ----D---- C:\ProgramData\DAEMON Tools Lite

2010-10-16 21:31:54 ----D---- C:\Program Files\DVD Decrypter

2010-10-14 21:08:34 ----A---- C:\Windows\system32\wmp.dll

2010-10-14 21:08:32 ----A---- C:\Windows\system32\wmploc.DLL

2010-10-14 21:08:02 ----A---- C:\Windows\system32\srvsvc.dll

2010-10-14 21:08:02 ----A---- C:\Windows\system32\drivers\srvnet.sys

2010-10-14 21:08:02 ----A---- C:\Windows\system32\drivers\srv.sys

2010-10-14 21:08:01 ----A---- C:\Windows\system32\netevent.dll

2010-10-14 21:08:01 ----A---- C:\Windows\system32\drivers\srv2.sys

2010-10-14 21:07:39 ----A---- C:\Windows\system32\schannel.dll

2010-10-14 21:07:35 ----A---- C:\Windows\system32\ole32.dll

2010-10-14 21:07:28 ----A---- C:\Windows\system32\t2embed.dll

2010-10-14 21:06:23 ----A---- C:\Windows\system32\mfc40u.dll

2010-10-14 21:06:23 ----A---- C:\Windows\system32\mfc40.dll

2010-10-14 21:05:56 ----A---- C:\Windows\system32\msshsq.dll

2010-10-14 21:05:29 ----A---- C:\Windows\system32\wmpmde.dll

2010-10-14 21:05:28 ----A---- C:\Windows\system32\comctl32.dll

 

======List of files/folders modified in the last 3 months======

 

2011-01-11 23:27:11 ----D---- C:\Windows\Temp

2011-01-10 21:27:54 ----D---- C:\Windows\inf

2011-01-10 21:27:54 ----AD---- C:\Windows\System32

2011-01-10 21:27:54 ----A---- C:\Windows\system32\PerfStringBackup.INI

2011-01-10 20:20:21 ----RD---- C:\Program Files

2011-01-10 20:18:58 ----AD---- C:\Windows\system32\drivers

2011-01-10 20:18:57 ----D---- C:\ProgramData\GbPlugin

2011-01-10 20:18:53 ----D---- C:\Program Files\GbPlugin

2011-01-09 23:42:46 ----D---- C:\Windows

2011-01-09 17:30:48 ----SHD---- C:\System Volume Information

2011-01-09 17:14:54 ----D---- C:\Windows\rescache

2011-01-09 16:52:26 ----D---- C:\Program Files\Glary Utilities

2011-01-09 16:50:00 ----D---- C:\Windows\Tasks

2011-01-08 15:12:59 ----D---- C:\Windows\system32\catroot2

2011-01-05 23:29:33 ----D---- C:\Windows\Debug

2011-01-04 21:57:21 ----D---- C:\Windows\winsxs

2011-01-04 21:44:57 ----D---- C:\Windows\Prefetch

2011-01-04 21:42:05 ----D---- C:\Program Files\Windows Mail

2011-01-04 21:42:04 ----D---- C:\Program Files\Internet Explorer

2011-01-04 21:42:03 ----D---- C:\Windows\system32\migration

2011-01-04 21:41:58 ----D---- C:\Program Files\Microsoft Silverlight

2011-01-03 02:23:37 ----SHD---- C:\Windows\Installer

2011-01-03 02:23:30 ----D---- C:\ProgramData\Microsoft Help

2011-01-03 02:21:01 ----D---- C:\Windows\system32\pt-BR

2011-01-03 02:19:36 ----D---- C:\Windows\system32\catroot

2011-01-03 02:17:12 ----A---- C:\Windows\system32\mrt.exe

2011-01-03 00:25:46 ----D---- C:\Windows\system32\config

2011-01-03 00:25:35 ----D---- C:\Windows\system32\spool

2011-01-03 00:25:35 ----D---- C:\Windows\system32\Msdtc

2011-01-03 00:25:31 ----D---- C:\Windows\system32\wbem

2011-01-03 00:25:31 ----D---- C:\Windows\registration

2010-12-30 19:53:19 ----D---- C:\Windows\system32\Tasks

2010-12-06 11:06:24 ----HD---- C:\Windows\system32\GroupPolicy

2010-12-06 11:06:24 ----HD---- C:\ProgramData

2010-11-29 15:04:25 ----D---- C:\Users\user\AppData\Roaming\Vso

2010-11-29 00:02:35 ----D---- C:\Users\user\AppData\Roaming\skypePM

2010-11-28 12:25:03 ----D---- C:\Users\user\AppData\Roaming\Skype

2010-11-26 10:49:07 ----A---- C:\Windows\NeroDigital.ini

2010-11-25 03:21:56 ----D---- C:\ProgramData\Adobe

2010-11-25 03:20:05 ----D---- C:\Program Files\Adobe

2010-11-24 19:22:02 ----D---- C:\Windows\system32\WDI

2010-11-20 13:41:29 ----D---- C:\ProgramData\FLEXnet

2010-11-20 13:40:22 ----D---- C:\Program Files\ArcGIS

2010-11-20 13:24:00 ----RSD---- C:\Windows\assembly

2010-11-20 12:53:10 ----D---- C:\Program Files\Common Files

2010-11-20 12:49:50 ----RSD---- C:\Windows\Fonts

2010-11-18 20:51:37 ----SD---- C:\Windows\Downloaded Program Files

2010-11-18 19:48:30 ----D---- C:\Program Files\Common Files\ESRI

2010-11-02 13:02:13 ----D---- C:\Windows\pt-BR

2010-11-02 12:58:11 ----D---- C:\Windows\Microsoft.NET

2010-11-02 12:54:16 ----D---- C:\Program Files\Windows Live

2010-11-02 12:52:59 ----DC---- C:\Windows\system32\DRVSTORE

2010-11-02 12:26:00 ----SD---- C:\ProgramData\Microsoft

2010-11-02 12:25:37 ----D---- C:\Program Files\Common Files\microsoft shared

2010-10-29 18:10:49 ----D---- C:\Windows\AppPatch

2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe

2010-10-17 23:29:46 ----D---- C:\Program Files\Java

2010-10-15 22:25:06 ----D---- C:\Program Files\Windows Media Player

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 GbpKm;Gbp KernelMode; C:\Windows\system32\drivers\gbpkm.sys [2010-12-28 46600]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2009-04-28 329752]

R0 PBADRV;PBADRV; C:\Windows\system32\DRIVERS\PBADRV.sys [2008-06-04 26608]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-11-14 43840]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-17 691696]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-01-09 135096]

R1 hwinterface;hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [2010-04-01 3026]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]

R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-01-09 61960]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-04-03 48128]

R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]

R2 WavxDMgr;WavxDMgr; C:\Windows\system32\DRIVERS\WavxDMgr.sys [2009-06-12 205624]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-11-24 217136]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-07-01 210432]

R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2010-03-06 18424]

R3 BCM43XX;Controlador da Placa WLAN sem Fios Dell; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-03-06 1666040]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-27 4568064]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-02-27 112128]

R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-10-09 47360]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-07-31 409088]

S3 a95sk7vh;a95sk7vh; C:\Windows\system32\drivers\a95sk7vh.sys []

S3 CAM1690;USB 2.0 Compliance JPEG Video Camera; C:\Windows\System32\Drivers\cam1690.sys [2007-08-29 153856]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]

S3 e1express;Driver do Intel® PRO/1000 PCI Express Network Connection; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]

S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]

S3 MSKSSRV;Proxy de serviço de streaming Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]

S3 MSPCLOCK;Proxy do relógio de streaming Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]

S3 MSPQM;Proxy de gerenciador de qualidade de streaming Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]

S3 MSTEE;Conversor em T entre Coletores de streaming Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]

S3 NvtSp50;NvtSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\NvtSp50.sys []

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 usbser;USB Serial emulation modem driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]

S3 usbvideo;Dispositivo de vídeo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

S4 rimspci;rimspci; C:\Windows\system32\drivers\rimspe86.sys [2009-04-03 45056]

S4 rimsptsk;rimsptsk; C:\Windows\system32\drivers\rimsptsk.sys [2009-04-03 45056]

S4 risdpcie;risdpcie; C:\Windows\system32\drivers\risdpe86.sys [2009-04-03 48640]

S4 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\drivers\rixdptsk.sys [2009-04-03 38400]

S4 rixdpcie;rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [2009-04-03 38400]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 alssvc;Ambient Light Sensor; C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]

R2 AntiVirSchedulerService;Avira AntiVir Programador; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-09-03 135336]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-01-09 267944]

R2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe [2010-07-12 1377104]

R2 ATService;AuthenTec Fingerprint Service; C:\Program Files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]

R2 buttonsvc32;Dell ControlPoint Button Service; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]

R2 GbpSv;Gbp Service; C:\PROGRA~1\GbPlugin\GbpSv.exe [2010-12-28 54664]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-11 354840]

R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]

R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]

R2 SMManager;Smith Micro Connection Manager Service; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-05 76288]

R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe [2009-07-31 221266]

R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2009-06-11 1622016]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [2010-03-06 26112]

S2 tcsd_win32.exe;NTRU TSS v1.2.1.29 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-11-12 1273856]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-20 867080]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2008-01-20 21504]

S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2009-06-03 1019904]

S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-01-16 74392]

 

-----------------EOF-----------------


ndrgomes,

Let's try the following...

 

*In IE, click [Tools] > [Internet Options]

*On the "Connections" tab, click [LAN settings]

*Under "Use automatic configuration script", check whether the URL http://www.cearainfo.com/0xf04.pac is present

 

If you use Firefox...

 

*Click [Tools] > [Options]

*On the "Advanced" tab, click [Network] > [Configure Connection]

*Under "Automatic proxy configuration URL", check whether the URL http://www.cearainfo.com/0xf04.pac is present

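The two manual checks in the reply above can also be run from a PowerShell prompt. This is an added example, not part of the original thread: it only reads settings, and it assumes the default Internet Explorer registry locations and the default Firefox profile folder under %APPDATA%; the helper name `New-Finding` is made up for this example.

```powershell
# Added example (not from the thread): list every place a proxy
# auto-config (PAC) URL is set for Internet Explorer and Firefox.
# Read-only; written to also run on PowerShell 2.0.

$suspect = 'cearainfo.com'   # host from the URL reported in this thread
$found   = @()

# Hypothetical helper: builds one result row and flags the reported host.
function New-Finding($browser, $location, $url, $note) {
    New-Object PSObject -Property @{
        Browser  = $browser
        Location = $location
        PacUrl   = $url
        Note     = $note
        Suspect  = ($url -like "*$suspect*")
    }
}

# Internet Explorer: the "Use automatic configuration script" box is stored
# in the AutoConfigURL value. The Policies keys are checked as well because
# a PAC URL can also be set there by policy.
$ieKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
foreach ($key in $ieKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.AutoConfigURL) {
        $found += New-Finding 'Internet Explorer' $key $props.AutoConfigURL 'AutoConfigURL value'
    }
}

# Firefox: the PAC URL is the network.proxy.autoconfig_url preference.
# prefs.js holds the saved settings; user.js, when present, is re-applied
# at every Firefox start, so both files are checked in each profile.
$urlPattern  = 'user_pref\("network\.proxy\.autoconfig_url",\s*"([^"]*)"\)'
$typePattern = 'user_pref\("network\.proxy\.type",\s*(\d+)\)'
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'

if (Test-Path $profileRoot) {
    $dirs = Get-ChildItem -Path $profileRoot | Where-Object { $_.PSIsContainer }
    foreach ($dir in $dirs) {
        foreach ($name in 'prefs.js', 'user.js') {
            $file = Join-Path $dir.FullName $name
            if (-not (Test-Path $file)) { continue }

            $urlHit = Select-String -Path $file -Pattern $urlPattern |
                      Select-Object -First 1
            if (-not $urlHit) { continue }
            $url = $urlHit.Matches[0].Groups[1].Value
            if (-not $url) { continue }

            # network.proxy.type 2 means "use the PAC URL"; with any other
            # value the URL is stored but not in use.
            $typeHit = Select-String -Path $file -Pattern $typePattern |
                       Select-Object -First 1
            if ($typeHit) {
                $type = $typeHit.Matches[0].Groups[1].Value
            } else {
                $type = 'not set'
            }
            $found += New-Finding 'Firefox' $file $url "network.proxy.type = $type"
        }
    }
}

if ($found.Count -eq 0) {
    Write-Output 'No PAC URL is configured for Internet Explorer or Firefox.'
} else {
    $found | Select-Object Browser, Suspect, PacUrl, Note, Location | Format-List
}
```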

ndrgomes,

*Download OTL and save it to the desktop

*Run OTL and select the options:

[X] Scan All Users

Extra Registry: [X] None

[X] Skip Microsoft Files

[X] Use Company Name WhiteList

[X] Purity Check

*Click [Run Scan]

*Paste the OTL.txt report that is displayed


Sorry for the delay... I was without internet for a few days...

Here is the OTL.txt report

 

OTL logfile created on: 17/01/2011 20:13:20 - Run 1

OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\user\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free

7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 230,75 Gb Total Space | 76,68 Gb Free Space | 33,23% Space Free | Partition Type: NTFS

Drive D: | 2,00 Gb Total Space | 1,09 Gb Free Space | 54,35% Space Free | Partition Type: NTFS

 

Computer Name: MANEJO2-NOTE | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/01/17 20:11:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

PRC - [2011/01/09 16:30:05 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/12/28 10:43:18 | 000,054,664 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2010/11/02 03:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe

PRC - [2010/09/22 12:03:38 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2010/09/03 15:44:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

PRC - [2010/09/03 15:44:21 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/07/12 10:11:52 | 001,377,104 | ---- | M] (Flexera Software, Inc.) -- C:\Arquivos de programas\ArcGIS\License10.0\bin\lmgrd.exe

PRC - [2010/04/01 06:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Update\NASvc.exe

PRC - [2010/03/06 09:44:23 | 003,888,640 | ---- | M] (Dell Inc.) -- C:\Arquivos de programas\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

PRC - [2010/03/06 09:44:23 | 000,026,112 | ---- | M] () -- C:\Arquivos de programas\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

PRC - [2010/03/06 09:44:20 | 002,916,864 | ---- | M] (Dell Inc.) -- C:\Arquivos de programas\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE

PRC - [2010/01/14 22:11:42 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/12/14 14:33:22 | 000,819,200 | ---- | M] (Zbshareware Lab) -- C:\Arquivos de programas\USB Disk Security\USBGuard.exe

PRC - [2009/10/05 19:40:58 | 001,826,816 | ---- | M] (Smith Micro Software, Inc.) -- C:\Arquivos de programas\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

PRC - [2009/10/05 19:40:40 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Arquivos de programas\Dell\Dell ControlPoint\Connection Manager\SMManager.exe

PRC - [2009/07/31 21:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\stacsv.exe

PRC - [2009/07/16 12:13:34 | 001,245,472 | ---- | M] (Dell Inc.) -- C:\Arquivos de programas\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

PRC - [2009/07/16 12:10:22 | 000,382,752 | ---- | M] (Dell Inc.) -- c:\Arquivos de programas\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

PRC - [2009/07/05 16:56:34 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Arquivos de programas\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

PRC - [2009/06/19 19:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\DellTPad\Apoint.exe

PRC - [2009/06/11 21:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Arquivos de programas\Dell\Dell ControlPoint\Dell.ControlPoint.exe

PRC - [2009/06/11 18:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Arquivos de programas\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

PRC - [2009/05/15 17:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) -- C:\Arquivos de programas\Fingerprint Sensor\AtService.exe

PRC - [2009/04/27 13:40:26 | 000,293,968 | ---- | M] (Dell Inc.) -- C:\Arquivos de programas\Dell\Dell ControlPoint\DCPButtonSvc.exe

PRC - [2009/04/11 10:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/11 10:19:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009/02/27 03:03:54 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe

PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/02/01 05:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\DellTPad\ApntEx.exe

PRC - [2009/02/01 03:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\DellTPad\hidfind.exe

PRC - [2008/11/24 18:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Arquivos de programas\DellTPad\ApMsgFwd.exe

PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008/06/03 15:16:30 | 000,382,232 | ---- | M] (Dell Inc.) -- C:\Arquivos de programas\Dell\Ambient Light Sensor\AlsSvc.exe

PRC - [2008/01/20 23:25:56 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe

PRC - [2006/10/20 03:04:10 | 000,551,424 | ---- | M] () -- C:\Arquivos de programas\ArcGIS\License10.0\bin\ARCGIS.exe

PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Arquivos de programas\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/01/17 20:11:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

MOD - [2010/12/28 10:42:04 | 000,351,624 | ---- | M] (Banco do Brasil) -- C:\Arquivos de programas\GbPlugin\gbieh.dll

MOD - [2010/08/31 12:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2009/04/11 10:20:01 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL

MOD - [2009/04/11 10:19:45 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll

MOD - [2008/01/20 23:25:11 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/01/09 16:30:05 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/12/28 10:43:18 | 000,054,664 | ---- | M] ( ) [unknown | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2010/11/20 13:23:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/09/03 15:44:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/07/12 10:11:52 | 001,377,104 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Arquivos de Programas\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)

SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/03/06 14:06:16 | 000,943,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2010/03/06 09:44:23 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2009/10/05 19:40:40 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)

SRV - [2009/09/24 22:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/31 21:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\stacsv.exe -- (STacSV)

SRV - [2009/07/16 12:10:22 | 000,382,752 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)

SRV - [2009/06/11 18:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)

SRV - [2009/06/03 12:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

SRV - [2009/05/15 17:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Arquivos de Programas\Fingerprint Sensor\AtService.exe -- (ATService)

SRV - [2009/04/27 13:40:26 | 000,293,968 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)

SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/11/12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2008/06/03 15:16:30 | 000,382,232 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe -- (alssvc)

SRV - [2008/01/20 23:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/01/09 16:30:28 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/01/09 16:30:26 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/12/28 10:46:30 | 000,046,600 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2010/10/17 23:28:46 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2010/06/17 15:29:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/04/01 17:02:40 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\Windows\System32\drivers\hwinterface.sys -- (hwinterface)

DRV - [2010/03/06 09:44:21 | 001,666,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2010/03/06 09:44:19 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2009/11/24 20:30:34 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009/07/31 21:16:12 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/06/12 15:51:02 | 000,205,624 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)

DRV - [2009/04/28 03:47:34 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)

DRV - [2009/04/11 10:19:26 | 000,069,096 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2009/04/03 09:25:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2009/04/03 09:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2009/04/03 09:25:50 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2009/04/03 09:25:42 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdpe86.sys -- (rixdpcie)

DRV - [2009/04/03 09:25:40 | 000,048,640 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\risdpe86.sys -- (risdpcie)

DRV - [2009/04/03 09:25:40 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimspe86.sys -- (rimspci)

DRV - [2009/02/27 03:04:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2009/02/27 03:03:50 | 004,568,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Arquivos de Programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)

DRV - [2008/07/01 03:08:16 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)

DRV - [2008/01/20 23:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 23:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 23:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 23:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 23:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 23:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Driver do Intel®

DRV - [2008/01/20 23:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 23:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 23:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 23:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 23:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 23:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 23:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 23:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 23:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 23:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 23:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 23:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 23:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 23:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 23:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 23:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 23:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 23:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 23:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/08/29 12:00:28 | 000,153,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cam1690.sys -- (CAM1690)

DRV - [2006/11/02 06:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 06:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 06:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 06:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 06:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 06:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 06:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 06:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 06:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 06:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 06:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 05:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 05:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 05:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 05:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 05:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 05:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 04:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 04:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2832116611-4279327628-2808801757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/5

IE - HKU\S-1-5-21-2832116611-4279327628-2808801757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ac.gov.br/

IE - HKU\S-1-5-21-2832116611-4279327628-2808801757-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2832116611-4279327628-2808801757-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-21-2832116611-4279327628-2808801757-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.0.21:3128

 

 

 

O1 HOSTS File: ([2010/09/25 16:52:44 | 000,000,835 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de Programas\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-2832116611-4279327628-2808801757-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-2832116611-4279327628-2808801757-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de Programas\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKU\S-1-5-21-2832116611-4279327628-2808801757-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Arquivos de Programas\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Arquivos de Programas\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)

O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Arquivos de Programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [uSB Antivirus] C:\Arquivos de Programas\USB Disk Security\RunUSBGuard.exe (Zbshareware Lab)

O4 - HKLM..\Run: [uSCService] C:\Arquivos de Programas\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2832116611-4279327628-2808801757-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Arquivos de Programas\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.10.128.2 201.10.1.2 192.168.0.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files\GbPlugin\gbieh.dll - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dell.bmp

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dell.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)

O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{06e48ab5-3da3-11df-8f5f-a4badba64579}\Shell\AutoRun\command - "" = F:\affi8l.exe

O33 - MountPoints2\{06e48ab5-3da3-11df-8f5f-a4badba64579}\Shell\open\Command - "" = F:\affi8l.exe

O33 - MountPoints2\{a23246de-544b-11df-84df-a4badba64579}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

O33 - MountPoints2\{a23246de-544b-11df-84df-a4badba64579}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

O33 - MountPoints2\{a23246e4-544b-11df-84df-a4badba64579}\Shell\AutoRun\command - "" = ws.exe

O33 - MountPoints2\{a23246e4-544b-11df-84df-a4badba64579}\Shell\open\Command - "" = ws.exe

O33 - MountPoints2\{b5e28ce2-8c65-11df-917a-a4badba64579}\Shell\AutoRun\command - "" = autorun.exe

O33 - MountPoints2\{b5e28ce2-8c65-11df-917a-a4badba64579}\Shell\open\command - "" = autorun.exe

O33 - MountPoints2\{c5eb36ef-4ec8-11df-873c-a4badba64579}\Shell\AutoRun\command - "" = r3fhr.exe

O33 - MountPoints2\{c5eb36ef-4ec8-11df-873c-a4badba64579}\Shell\open\Command - "" = r3fhr.exe

O33 - MountPoints2\{cb712c6b-b554-11df-a454-a4badba64579}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe

O33 - MountPoints2\{fc7d199e-9106-11df-a19c-a4badba64579}\Shell\AutoRun\command - "" = autorun.exe

O33 - MountPoints2\{fc7d199e-9106-11df-a19c-a4badba64579}\Shell\open\command - "" = autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/17 20:11:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2011/01/10 20:20:21 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\trend micro

[2011/01/10 20:20:20 | 000,000,000 | ---D | C] -- C:\rsit

[2011/01/09 16:30:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Avira

[2011/01/05 08:42:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wave Systems Corp

[2010/12/30 20:10:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2010/12/30 19:52:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google

[2010/10/09 17:34:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys

[1 C:\Users\user\*.tmp files -> C:\Users\user\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/17 20:11:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2011/01/17 20:03:43 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2011/01/17 20:03:37 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/17 20:03:37 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/17 20:03:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/17 20:03:27 | 000,001,024 | ---- | M] () -- C:\.rnd

[2011/01/17 20:03:24 | 3711,086,592 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/15 21:21:50 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000Core.job

[2011/01/15 21:16:46 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000UA.job

[2011/01/15 21:16:46 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000UA.job

[2011/01/12 01:54:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000Core.job

[2011/01/11 23:17:45 | 000,000,114 | ---- | M] () -- C:\Users\user\Desktop\fix.reg

[2011/01/10 21:27:54 | 000,631,916 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2011/01/10 21:27:54 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/01/10 21:27:54 | 000,121,508 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2011/01/10 21:27:54 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/01/10 20:17:17 | 000,339,991 | ---- | M] () -- C:\Users\user\Desktop\RSIT.exe

[2011/01/09 16:52:47 | 000,000,000 | ---- | M] () -- C:\Users\user\AppData\Local\WavXMapDrive.bat

[2011/01/09 16:49:59 | 000,000,799 | ---- | M] () -- C:\Users\user\Desktop\Glary Utilities.lnk

[2011/01/09 16:30:28 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/01/09 16:30:26 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/01/07 22:32:38 | 000,001,994 | ---- | M] () -- C:\Users\user\Desktop\RockMelt.lnk

[2011/01/04 21:45:03 | 002,381,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/12/30 20:10:15 | 000,002,083 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk

[2010/12/28 10:46:30 | 000,046,600 | ---- | M] (GAS Tecnologia) -- C:\Windows\System32\drivers\gbpkm.sys

[2010/12/21 16:57:56 | 000,032,768 | ---- | M] () -- C:\Users\user\Desktop\CALENDARIO_CURSOS_2011.xls

[2010/12/21 14:52:52 | 000,076,800 | ---- | M] () -- C:\Users\user\Desktop\CALENDARIO_CURSOS_2010.xls

[1 C:\Users\user\*.tmp files -> C:\Users\user\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/01/17 20:03:27 | 000,001,024 | ---- | C] () -- C:\.rnd

[2011/01/11 23:17:45 | 000,000,114 | ---- | C] () -- C:\Users\user\Desktop\fix.reg

[2011/01/10 20:17:17 | 000,339,991 | ---- | C] () -- C:\Users\user\Desktop\RSIT.exe

[2011/01/09 16:49:59 | 000,000,799 | ---- | C] () -- C:\Users\user\Desktop\Glary Utilities.lnk

[2010/12/30 20:10:15 | 000,002,083 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk

[2010/12/30 19:53:19 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000UA.job

[2010/12/30 19:53:19 | 000,000,998 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2832116611-4279327628-2808801757-1000Core.job

[2010/12/21 16:23:07 | 000,032,768 | ---- | C] () -- C:\Users\user\Desktop\CALENDARIO_CURSOS_2011.xls

[2010/12/21 14:48:16 | 001,677,799 | ---- | C] () -- C:\Users\user\Desktop\folder_calendario_cursos_2010_2.pdf

[2010/12/21 14:48:16 | 000,437,183 | ---- | C] () -- C:\Users\user\Desktop\folder_calendario_cursos_2010.pdf

[2010/12/21 14:48:16 | 000,076,800 | ---- | C] () -- C:\Users\user\Desktop\CALENDARIO_CURSOS_2010.xls

[2010/12/06 11:06:24 | 000,000,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/10/17 23:28:45 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2010/10/09 17:36:14 | 000,001,057 | ---- | C] () -- C:\Users\user\AppData\Roaming\vso_ts_preview.xml

[2010/10/09 17:35:44 | 000,000,034 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.log

[2010/10/09 17:34:15 | 000,087,608 | ---- | C] () -- C:\Users\user\AppData\Roaming\inst.exe

[2010/10/09 17:34:15 | 000,007,887 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat

[2010/10/09 17:34:15 | 000,001,144 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf

[2010/10/09 14:25:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2010/07/29 19:43:14 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/07/29 19:43:14 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/07/29 19:43:11 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/07/29 19:43:11 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/07/29 19:43:10 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/06/28 11:33:36 | 000,000,160 | ---- | C] () -- C:\Windows\System32\AddPort.ini

[2010/06/28 11:33:35 | 000,003,277 | R--- | C] () -- C:\Windows\System32\hptcpmon.ini

[2010/06/28 11:33:27 | 011,202,560 | R--- | C] () -- C:\Windows\System32\zhhp_res.dll

[2010/06/28 11:33:27 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agissi.dll

[2010/06/28 11:33:27 | 000,114,688 | R--- | C] () -- C:\Windows\System32\vshp2600.dll

[2010/06/28 11:32:10 | 000,000,579 | ---- | C] () -- C:\Windows\hpntwksetup.ini

[2010/04/30 13:29:21 | 000,006,080 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat

[2010/03/31 22:01:58 | 000,044,032 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/17 15:37:49 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\WavXMapDrive.bat

[2010/03/06 14:09:34 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2010/03/06 09:44:44 | 000,055,296 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2010/03/06 09:44:44 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[2010/03/06 09:40:18 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll

[2010/03/06 09:23:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009/10/05 19:27:16 | 000,143,360 | R--- | C] () -- C:\Windows\System32\preflib.dll

[2009/06/05 15:41:18 | 000,557,056 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll

[2009/06/05 15:41:18 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll

[2009/06/05 15:41:16 | 000,552,960 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll

[2009/06/05 15:41:16 | 000,552,960 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll

[2009/06/05 15:41:16 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll

[2009/06/05 15:41:14 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll

[2009/06/05 15:41:14 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll

[2009/06/05 15:41:12 | 000,581,632 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll

[2009/06/05 15:41:12 | 000,491,520 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll

[2009/06/05 15:41:12 | 000,491,520 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll

[2009/06/05 15:41:10 | 000,557,056 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll

[2009/06/05 15:41:10 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_cs.dll

[2009/06/05 15:41:10 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll

[2009/06/05 15:41:08 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll

[2009/06/05 15:41:08 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll

[2009/06/05 15:41:08 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll

[2009/06/05 15:41:06 | 000,552,960 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll

[2009/06/05 15:41:06 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll

[2009/06/05 15:41:04 | 000,548,864 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll

[2009/06/05 15:41:04 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll

[2009/06/05 15:41:04 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll

[2009/06/05 15:41:04 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll

[2009/06/05 15:41:02 | 000,548,864 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll

[2009/06/05 15:41:00 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll

[2009/06/05 15:31:18 | 000,561,152 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll

[2009/06/03 13:08:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll

[2009/06/03 13:08:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll

[2009/06/03 13:08:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll

[2009/06/03 13:08:44 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll

[2009/06/03 13:08:42 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll

[2009/06/03 13:08:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll

[2009/06/03 13:08:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll

[2009/06/03 13:08:38 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll

[2009/06/03 13:08:36 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll

[2009/06/03 13:08:36 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll

[2009/06/03 13:08:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll

[2009/06/03 13:08:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll

[2009/06/03 13:08:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll

[2009/06/03 13:08:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll

[2009/06/03 13:08:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll

[2009/06/03 13:08:28 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll

[2009/06/03 13:08:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll

[2009/06/03 13:08:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll

[2009/06/03 13:08:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll

[2009/06/03 13:08:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll

[2009/06/03 13:08:20 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll

[2009/06/03 13:08:20 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll

[2009/06/03 13:08:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll

[2009/06/03 13:08:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll

[2009/06/03 12:07:50 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll

[2009/05/18 08:34:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll

[2009/05/05 10:34:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll

[2009/04/11 10:19:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2008/03/25 09:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll

[2007/08/29 12:00:28 | 000,153,856 | ---- | C] () -- C:\Windows\System32\drivers\cam1690.sys

[2007/08/29 09:34:46 | 000,041,053 | ---- | C] () -- C:\Windows\cam1690.ini

[2007/07/09 21:42:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\cam1690.dll

[2007/03/09 19:17:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\cam1690m.dll

[2006/11/02 07:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/06/30 12:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll

[2006/06/30 12:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll

[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll

[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll

[1997/06/25 15:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\System32\RegObj.dll

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\Windows\System32:39556A12_Bb.gbp

@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:325064EA

 

< End of report >


ndrgomes,

I was away from the Forum for a few days. Did you solve your problem, friend, or does the error still persist?


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
