Investigando malware

Fórum do BABOO

Regras do Fórum

Ajuda Busca Membros Calendário

Acelerador do BABOO

Áreas mais acessadas: Windows 7 Windows XP Malwares Segurança Hardware Compra e Venda Placas de vídeo Notebook e Portáteis Jogos Celulares Web Office

Bem-vindo, visitante ( Ver novos posts | Entrar | Registrar )

Fórum do BABOO > Segurança e Redes > Malwares

Reply to this topic

Start new topic

Investigando malware

rjng_jau Visualizar perfil	16/12/08 Post #1
Grupo: Participantes Posts: 1.985 De: Jaú - SP	aew é, to com um malware aqui!! oba! Bom, vamos lá, vo descreve a história, quero a opinião e ajuda de vcs. Tudo começou quando o Avira identificava, logo após a inicialização do win, os arquivos: C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\YX0NZZ6N\jsphhaxcauoojdi[1].exe e C:\WINDOWS\system32\jsphhaxcauoojdi.exe sempre dava delete, deny access, quarentena.... sempre eu reiniciava e ele tava la ok, passei um scan completo pelo avira aparentemente nao mudou nada passei o SUPERAntiSpyware ele identificou o arquivo ctfnom.exe em system32, assim como uma entrada para sua inicialização com o windows mandei tudo para quarentena logo mais notei: qdo o win abre, da um erro: nao acha o system32 para abrir, no entanto nao aparece mais esses dois arquivos supracitados tah, restaurei o ctfnom.exe, reiniciei o avira identificou os 2 arquivos (só identificava na inicialização, depois nao mais), eu deletei como sempre.... no gerenciador de tarefas, estava lah o ctfnom.exe.... finalizei ele e executei ele novamente daqui a poko..... o avira detectou de novo os 2 arquivos eu conclui q esse ctfnom tah criando os 2 arquivos..... o q vcs acham???? tah, o problema eh resolver agora kkkk o q eu fiz sumi com esses ctfnom ai da vida pelo antispyware de novo msg de erro ao inicializar no regedit, eu achei uma chave com o endereço do exe: HKEY_USERS\S-1-5-21-1409082233-1500820517-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache Chave: C:\WINDOWS\system32\CTFNOM.EXE eu tentei, só pra ver, mudar o endereço e colocar system32\kkkCTFNOM.EXE mas na hora q dava o erro ao inicializar, aparecia o ctfnom.exe em minúsculo e sem o kkk o programa autoruns da essa inicialização nele, eu desabilitei, e nada voltei tudo ao normal achei outra chave: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Chave: Explorer.exe ctfnom.exe pensei em apagar o ctfnom.exe da chave e ver o q dava, mas me deu um receio aqui vcs tem essa chave ai?? qual o conteúdo dela?? no log do hijackthis, apareceu uma hora assim (vai um trecho): R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = F2 - REG:system.ini: Shell=Explorer.exe ctfnom.exe O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll aí pensei... do fix no hijack? ou apago tudo ou parte pelo registro???? o q vcs acham?????? acho q estou no caminho, nao?? vo ateh publicar um artigo sobre isso kkkkk acho q eram soh essas minhas evidencias vlwww aeeee --------------------

joram Visualizar perfil	16/12/08 Post #2
Grupo: Colaboradores Ilustres Posts: 2.458 De: Bangu-Rio de Janeiro	Bom Dia! rjng_jau <!> Execute estes procedimentos,obrigatórios,e retorne com o relatório completo do HijackThis: < *Logs do HijackThis - Leia antes de Postar* > Abraços! -------------------- < DigRam >

rjng_jau Visualizar perfil	16/12/08 Post #3
Grupo: Participantes Posts: 1.985 De: Jaú - SP	Bom, em todo o caso: Logfile of HijackThis v1.99.1 Scan saved at 12:32, on 16/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\igfxext.exe C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\RtkBtMnt.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = F2 - REG:system.ini: Shell=Explorer.exe ctfnom.exe O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.Microsoft.com/windowsupd...b?1207196000703 O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Avira AntiVir Personal – Free antivírus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free antivírus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) --------------------

joram Visualizar perfil	17/12/08 Post #4
Grupo: Colaboradores Ilustres Posts: 2.458 De: Bangu-Rio de Janeiro	Bom Dia! rjng_jau <!> Abra o HijackThis --> Clique: Do a system scan only QUOTE F2 - REG:system.ini: Shell=Explorer.exe ctfnom.exe <!> Marque,àcima,esta entrada. --> Clique: Fix checked ------------------------- <@> Baixe: < ComboFix.exe > ( ...by sUBs ) <@> Salve-o no Desktop! <@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! ) <@> Feche todas as janelas e execute a ferramenta! <@> Na solicitação: "Negação de garantia de software" --> Clique em Sim! <@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo! QUOTE <!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download. <!> Salve-a no desktop,renomeada como: Kombo.exe <!> Ps: Nomeie durante o salvamento,e não após salvá-la! <!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link! <!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde! <!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas. <@> Abrir-se-á a janela Auto Scan. --> Aguarde! <@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador. <@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! <@> Aguarde a conclusão! <@> Durante o scan,evite manusear o mouse ou teclado! <-- *Importante!* <@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter! ---------------------- <@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado. Abraços! -------------------- < DigRam >

rjng_jau Visualizar perfil	18/12/08 Post #5
Grupo: Participantes Posts: 1.985 De: Jaú - SP	aew uma vez eu usei o combofix, e foi bem útil, mas eu notei alguns problemas depois sabe.... talvez ateh nem seja problema dele, mas eu fiquei meio assim eu acabei tentando passar o sdfix é a mesma coisa???? o log do hijackthis foi: Logfile of HijackThis v1.99.1 Scan saved at 14:35, on 18/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmctxth.exe C:\Arquivos de programas\Pure Networks\Network Magic\nmapp.exe C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\igfxext.exe C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\RtkBtMnt.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Arquivos de programas\Windows Media Player\wmplayer.exe C:\HijackThis\HijackThis.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avwsc.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Arquivos de programas\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.Microsoft.com/windowsupd...b?1207196000703 O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\puresp4.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Avira AntiVir Personal – Free antivírus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free antivírus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Arquivos de programas\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmsrvc.exe e do sdfix: SDFix: Version 1.240 Run by Administrador on ter 16/12/2008 at 19:08 Microsoft Windows XP [versÆo 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\Keygen.exe - Deleted Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-16 19:24:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b8,1d,8e,70,3b,ec,ac,61,8e,23,1a,2c,fd,c4,54,ad,b0,0b,cf,0b,a8,.. "p0"="C:\Arquivos de programas\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,a8,5e,40,0c,08,fd,55,bb,68,d4,53,8b,4c,2c,de,ff,ae,.. "khjeh"=hex:cc,fe,35,4d,01,69,80,d7,e1,34,74,10,ee,f5,f7,cd,d8,86,0d,c1,2f,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:1d,af,39,89,7f,ef,ba,68,82,6f,87,84,9d,d6,a2,41,0b,9d,6a,14,01,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b8,1d,8e,70,3b,ec,ac,61,8e,23,1a,2c,fd,c4,54,ad,b0,0b,cf,0b,a8,.. "p0"="C:\Arquivos de programas\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,a8,5e,40,0c,08,fd,55,bb,68,d4,53,8b,4c,2c,de,ff,ae,.. "khjeh"=hex:cc,fe,35,4d,01,69,80,d7,e1,34,74,10,ee,f5,f7,cd,d8,86,0d,c1,2f,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:1d,af,39,89,7f,ef,ba,68,82,6f,87,84,9d,d6,a2,41,0b,9d,6a,14,01,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:b8,1d,8e,70,3b,ec,ac,61,8e,23,1a,2c,fd,c4,54,ad,b0,0b,cf,0b,a8,.. "p0"="C:\Arquivos de programas\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,a8,5e,40,0c,08,fd,55,bb,68,d4,53,8b,4c,2c,de,ff,ae,.. "khjeh"=hex:cc,fe,35,4d,01,69,80,d7,e1,34,74,10,ee,f5,f7,cd,d8,86,0d,c1,2f,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:1d,af,39,89,7f,ef,ba,68,82,6f,87,84,9d,d6,a2,41,0b,9d,6a,14,01,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120%" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Arquivos de programas\\eMule\\emule.exe"="C:\\Arquivos de programas\\eMule\\emule.exe::Enabled:eMule" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\\Arquivos de programas\\Ares\\Ares.exe"="C:\\Arquivos de programas\\Ares\\Ares.exe::Enabled:Ares p2p for windows" "C:\\Arquivos de programas\\Counter-Strike 1.6\\hl.exe"="C:\\Arquivos de programas\\Counter-Strike 1.6\\hl.exe::Disabled:Half-Life Launcher" "C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe::Enabled:Half-Life Launcher" "C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe::Enabled:æTorrent" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe::Enabled:Windows Live Messenger (Phone)" "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe::Enabled:Skype" "C:\\Arquivos de programas\\Megacubo\\megacubo.exe"="C:\\Arquivos de programas\\Megacubo\\megacubo.exe::Enabled:MegaCubo" "C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE::Enabled:Microsoft Office Groove" "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE::Enabled:Microsoft Office Outlook" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe::Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Sun 29 Jun 2008 24 ..SH. --- "C:\WINDOWS\S56DEC0BC.tmp" Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe" Mon 20 Oct 2003 73,688 ..SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\Setup.exe" Sat 24 Jan 2004 5,120 A.SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\_Setupx.dll" Sat 12 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sat 7 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp" Sat 7 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp" Sat 7 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp" Sat 7 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b2278ac3b8a7d329217f0fb7c7d9ee91\BIT7.tmp" Sat 7 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cacdd1fedba0fe9a5b113a33f1a018a0\BIT4.tmp" Sat 7 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f27fd20411af7f646de7b03ed7660aa5\BIT5.tmp" Finished! será q tem mais alguma coisa??? vlw!! --------------------

joram Visualizar perfil	19/12/08 Post #6
Grupo: Colaboradores Ilustres Posts: 2.458 De: Bangu-Rio de Janeiro	Bom Dia! rjng_jau QUOTE uma vez eu usei o combofix, e foi bem útil, mas eu notei alguns problemas depois sabe.... talvez ateh nem seja problema dele, mas eu fiquei meio assim eu acabei tentando passar o sdfix é a mesma coisa???? <!> Infelizmente,não é a mesma coisa. ------------------------- <@> Baixe: < RSIT > <@> Salve-o,diretamente,no Disco Local ( C )! <@> Dê um duplo clique em RSIT.exe,para executar a ferramenta. <@> Na janela que abrir,disclamer,clique em "Continue". <@> Terminando,abrir-se-à o Bloco de Notas com o relatório: log.txt <-- Relatório para postagem! <@> Poste,também,na sua resposta: info.txt,que estará em C:\rsit\info.txt <-- Abraços! -------------------- < DigRam >

rjng_jau Visualizar perfil	21/12/08 Post #7
Grupo: Participantes Posts: 1.985 De: Jaú - SP	log Logfile of random's system information tool 1.05 (written by random/random) Run by Administrador at 2008-12-21 20:39:26 Microsoft Windows XP Professional Service Pack 3 System drive C: has 20 GB (38%) free of 53 GB Total RAM: 2038 MB (58% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:39, on 21/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\igfxext.exe C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\RtkBtMnt.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Arquivos de programas\Windows Media Player\wmplayer.exe C:\RSIT.exe C:\Arquivos de programas\trend micro\Administrador.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.Microsoft.com/windowsupd...b?1207196000703 O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Avira AntiVir Personal – Free antivírus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free antivírus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- End of file - 9123 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-12-06 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe [2007-08-28 860160] "LManager"=C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE [2007-08-28 707080] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-03-17 135168] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-17 159744] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-17 131072] "avgnt"=C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-03-26 16859136] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-07-23 98304] "SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-12-06 136600] "GrooveMonitor"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"=C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-09 1809648] [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Arquivos de programas\QuickTime\qttask.exe [2008-07-23 98304] [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384] [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^MagicDisc.lnk] C:\ARQUIV~1\MAGICD~1\MAGICD~1.EXE [2008-05-27 547840] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar BTTray.lnk - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL [2008-12-09 352256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe::Enabled:eMule" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe::Enabled:Ares p2p for windows" "C:\Arquivos de programas\Counter-Strike 1.6\hl.exe"="C:\Arquivos de programas\Counter-Strike 1.6\hl.exe::Disabled:Half-Life Launcher" "C:\SIERRA\Half-Life\hl.exe"="C:\SIERRA\Half-Life\hl.exe::Enabled:Half-Life Launcher" "C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe::Enabled:µTorrent" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" "C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe::Enabled:MegaCubo" "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE::Enabled:Microsoft Office Groove" "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook" "C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe::Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{0a2c3a1c-38ea-11dd-8013-001b24ee4866}] shell\AutoRun\command - F:\autorun\autorun.exe [HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{27061a84-0249-11dd-bf80-001b24ee4866}] shell\AutoRun\command - I:\ilwzzt.exe shell\explore\command - I:\ilwzzt.exe shell\open\command - I:\ilwzzt.exe [HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{390cefa2-5134-11dd-806e-001b24ee4866}] shell\AutoRun\command - H:\ilwzzt.exe shell\explore\command - H:\ilwzzt.exe shell\open\command - H:\ilwzzt.exe [HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{68990d70-c851-11dd-823f-001b24ee4866}] shell\AutoRun\command - H:\ilwzzt.exe shell\explore\command - H:\ilwzzt.exe shell\open\command - H:\ilwzzt.exe [HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{7abf47bd-3fa0-11dd-801c-001b24ee4866}] shell\AutoRun\command - NTruntr.exe shell\explore\command - NTruntr.exe shell\open\command - NTruntr.exe ======File associations====== .scr - open - "C:\Arquivos de programas\Internet Explorer\Iexplore.exe" %1 ======List of files/folders created in the last 1 months====== 2008-12-21 20:38:54 ----D---- C:\Arquivos de programas\trend micro 2008-12-21 20:38:53 ----D---- C:\rsit 2008-12-21 20:37:07 ----A---- C:\RSIT.exe 2008-12-17 16:59:13 ----D---- C:\Arquivos de programas\Pure Networks 2008-12-16 19:05:26 ----D---- C:\WINDOWS\ERUNT 2008-12-16 19:00:15 ----D---- C:\SDFix 2008-12-15 23:06:12 ----D---- C:\Arquivos de programas\Microsoft.NET 2008-12-15 23:05:58 ----D---- C:\Arquivos de programas\Microsoft Visual Studio 2008-12-13 00:13:47 ----HD---- C:\WINDOWS\system32\GroupPolicy 2008-12-12 15:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-12 15:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-12 15:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-12 15:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2008-12-10 17:00:24 ----D---- C:\PenClean 2008-12-09 15:08:49 ----A---- C:\WINDOWS\system32\wmvdmoe.dll 2008-12-09 15:08:49 ----A---- C:\WINDOWS\system32\wmvcore2.dll 2008-12-09 15:08:49 ----A---- C:\WINDOWS\system32\wmv8dmoe.dll 2008-12-09 15:08:49 ----A---- C:\WINDOWS\system32\wmv8dmod.dll 2008-12-09 15:07:26 ----D---- C:\Arquivos de programas\coolpro2 2008-12-09 11:17:14 ----D---- C:\WINDOWS\ie7updates 2008-12-09 00:22:12 ----A---- C:\atual.txt 2008-12-08 21:45:32 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\pokerth 2008-12-07 23:36:31 ----D---- C:\WINDOWS\WBEM 2008-12-07 23:35:20 ----HDC---- C:\WINDOWS\ie7 2008-12-07 23:35:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ 2008-12-07 23:34:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ 2008-12-06 22:41:42 ----A---- C:\WINDOWS\system32\javaws.exe 2008-12-06 22:41:42 ----A---- C:\WINDOWS\system32\javaw.exe 2008-12-06 22:41:42 ----A---- C:\WINDOWS\system32\java.exe 2008-12-05 18:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-12-05 18:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-12-05 18:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-12-05 18:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-12-05 18:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-12-05 18:41:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-12-05 18:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-12-05 18:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-12-05 18:39:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-12-05 18:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-12-05 18:36:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-12-05 18:36:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2008-12-05 18:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-12-05 18:35:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-12-05 18:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-12-05 18:34:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-12-05 18:34:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-12-05 18:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-12-05 18:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$ 2008-12-05 18:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2008-11-30 10:18:11 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage 2008-11-30 10:15:13 ----A---- C:\WINDOWS\system32\OGACheckControl.DLL 2008-11-23 16:54:02 ----A---- C:\WINDOWS\system32\pthreadGC2.dll 2008-11-23 13:54:07 ----D---- C:\Arquivos de programas\Lead Pursuit ======List of files/folders modified in the last 1 months====== 2008-12-21 20:38:54 ----RD---- C:\Arquivos de programas 2008-12-21 19:45:38 ----A---- C:\WINDOWS\NeroDigital.ini 2008-12-21 19:27:28 ----D---- C:\WINDOWS\Microsoft.NET 2008-12-21 17:15:49 ----D---- C:\Arquivos de programas\Mozilla Firefox 2008-12-21 16:39:09 ----D---- C:\WINDOWS\temp 2008-12-21 16:38:44 ----D---- C:\WINDOWS 2008-12-21 15:02:03 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-20 12:31:22 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-20 09:40:23 ----SHD---- C:\WINDOWS\Installer 2008-12-20 09:40:23 ----D---- C:\Config.Msi 2008-12-20 09:40:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help 2008-12-20 09:39:44 ----A---- C:\WINDOWS\win.ini 2008-12-20 01:23:14 ----D---- C:\Arquivos de programas\Stellarium 2008-12-19 23:36:17 ----D---- C:\WINDOWS\system32 2008-12-19 16:51:20 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent 2008-12-19 16:30:08 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP 2008-12-19 13:58:18 ----HD---- C:\WINDOWS\inf 2008-12-19 13:58:12 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-19 13:56:33 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-18 20:01:02 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-12-18 20:01:01 ----D---- C:\WINDOWS\system32\drivers 2008-12-18 20:00:55 ----D---- C:\Arquivos de programas\Arquivos comuns 2008-12-18 14:35:48 ----D---- C:\HijackThis 2008-12-16 21:44:39 ----D---- C:\WINDOWS\Prefetch 2008-12-16 19:24:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-12-16 19:24:05 ----SHD---- C:\RECYCLER 2008-12-16 19:07:56 ----A---- C:\WINDOWS\ntbtlog.txt 2008-12-16 16:28:58 ----D---- C:\Arquivos de programas\WinRAR 2008-12-15 23:11:19 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared 2008-12-15 23:09:29 ----D---- C:\Arquivos de programas\Microsoft Office 2008-12-15 23:09:28 ----D---- C:\Arquivos de programas\Arquivos comuns\System 2008-12-15 23:09:15 ----D---- C:\WINDOWS\SHELLNEW 2008-12-15 23:06:12 ----RSD---- C:\WINDOWS\Fonts 2008-12-15 23:05:58 ----D---- C:\Arquivos de programas\MSBuild 2008-12-13 19:33:57 ----SH---- C:\boot.ini 2008-12-13 19:33:57 ----A---- C:\WINDOWS\system.ini 2008-12-13 15:56:46 ----D---- C:\Arquivos de programas\eMule 2008-12-13 13:28:38 ----D---- C:\Arquivos de programas\SpywareBlaster 2008-12-13 03:37:59 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-13 00:07:12 ----D---- C:\WINDOWS\Minidump 2008-12-12 15:07:58 ----A---- C:\WINDOWS\imsins.BAK 2008-12-12 15:07:41 ----D---- C:\Arquivos de programas\Internet Explorer 2008-12-11 18:46:24 ----D---- C:\Arquivos de programas\Valve 2008-12-11 18:46:10 ----D---- C:\Arquivos de programas\sXe Injected 2008-12-10 14:23:50 ----A---- C:\WINDOWS\bsl.ini 2008-12-10 13:44:57 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Thinstall 2008-12-09 20:24:37 ----A---- C:\WINDOWS\system32\MRT.exe 2008-12-09 17:57:03 ----D---- C:\Arquivos de programas\SUPERAntiSpyware 2008-12-09 15:09:07 ----D---- C:\temp 2008-12-09 11:17:44 ----D---- C:\WINDOWS\system32\pt-br 2008-12-08 18:21:25 ----D---- C:\WINDOWS\system32\CatRoot 2008-12-08 18:17:44 ----D---- C:\WINDOWS\Help 2008-12-07 23:36:40 ----D---- C:\WINDOWS\system32\config 2008-12-07 23:36:24 ----D---- C:\WINDOWS\Media 2008-12-07 14:36:52 ----D---- C:\Arquivos de programas\uTorrent 2008-12-06 22:41:25 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-12-06 22:40:02 ----A---- C:\WINDOWS\asym.ini 2008-12-06 22:39:58 ----D---- C:\ATLAS 2008-12-05 18:42:27 ----D---- C:\Arquivos de programas\Microsoft Silverlight 2008-12-05 18:42:13 ----RSD---- C:\WINDOWS\assembly 2008-12-05 18:42:06 ----D---- C:\Arquivos de programas\Messenger 2008-12-05 18:39:43 ----D---- C:\Arquivos de programas\Virtual Earth 3D 2008-12-05 18:34:25 ----D---- C:\WINDOWS\WinSxS 2008-12-05 07:35:20 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype 2008-12-04 16:16:41 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM 2008-12-03 19:34:22 ----D---- C:\Arquivos de programas\CDlyse 2008-11-30 11:04:31 ----D---- C:\Arquivos de programas\Arquivos comuns\DESIGNER 2008-11-30 10:18:07 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-29 23:19:03 ----D---- C:\Arquivos de programas\NovaLogic 2008-11-23 22:22:00 ----D---- C:\Program Files 2008-11-22 22:07:23 ----D---- C:\rms ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072] R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 SASDIFSV;SASDIFSV; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R3 Arp1394;Protocolo cliente 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-05-12 175104] R3 btaudio;Dispositivo de áudio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2007-08-28 539072] R3 BTDriver;Driver de comunicação virtual Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-08-28 37424] R3 BTKRNL;Enumerador de barramento Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-08-28 876384] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2007-08-28 16896] R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidshim;Service for HID-KMDF Shim layer; C:\WINDOWS\system32\DRIVERS\hidshim.sys [2007-05-08 5632] R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-03-01 988032] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-03-01 210688] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-17 5955872] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-26 4713472] R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-05-27 96896] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288] R3 NETw4x32;Driver do Adaptador Intel® Wireless WiFi Link para Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-28 2211456] R3 NIC1394;Driver de rede 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 SASENUM;SASENUM; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-08-28 208064] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 usbvideo;Dispositivo de vídeo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-03-01 731136] R3 winbondhidcir;Winbond HID CIR Receiver; C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys [2007-05-08 21504] S3 afyjv882;afyjv882; C:\WINDOWS\system32\drivers\afyjv882.sys [] S3 BTWDNDIS;Driver de acesso à rede local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-08-28 149123] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-08-28 55352] S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688] S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\WINDOWS\system32\drivers\nhcDriver.sys [] S3 Partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys [2008-11-10 30946] S3 Rasirda;Miniporta de rede remota (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680] S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488] S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [2007-08-28 6909] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal – Free antivírus Scheduler; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;Avira AntiVir Personal – Free antivírus Guard; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 btwdins;Bluetooth Service; C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256] R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-12-06 152984] R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 AresChatServer;Ares Chatroom server; C:\Arquivos de programas\Ares\chatServer.exe [2007-03-19 263168] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe [2008-04-04 74360] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- info: info.txt logfile of random's system information tool 1.05 2008-12-21 20:39:14 ======Uninstall list====== -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8} Acer Crystal Eye webcam-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}\setup.exe" -l0x816 -removeonly Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE} Advanced WindowsCare Personal-->"C:\Arquivos de programas\IObit\Advanced WindowsCare V2\unins000.exe" AlgoLab R2V Conversion Toolkit 2.62-->C:\ARQUIV~1\AlgoLabR2VToolkit\UNWISE.EXE C:\ARQUIV~1\AlgoLabR2VToolkit\INSTALL.LOG Anark Client 4-->C:\Arquivos de programas\Anark\Anark Client 4\AMInstal.exe -uninstall Anatomy Trains-->C:\Arquivos de programas\Primal Pictures\Anatomy Trains\uninst.exe Ares 2.0.9-->"C:\Arquivos de programas\Ares\uninstall.exe" Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" AutoCAD 2005 - English-->MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA} Autodesk DWF Viewer-->C:\ARQUIV~1\Autodesk\AUTODE~1\Setup.exe /remove Avira AntiVir Personal - Free antivírus-->C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE AVS Video Converter 4.3.1.371-->"C:\Arquivos de programas\AVSMedia\VideoConverter4\unins000.exe" BioEstat 2.0-->C:\WINDOWS\IsUn0416.exe -f"C:\Arquivos de programas\BioEstat 2.0\Uninst.isu" Brain Training for Dummies®-->"C:\Arquivos de programas\Oberon Media\Brain Training for Dummies®\Uninstall.exe" "C:\Arquivos de programas\Oberon Media\Brain Training for Dummies®\install.log" Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B} CDlyse 1.3-->"C:\Arquivos de programas\CDlyse\uninstall.exe" Celestia 1.5.1-->"C:\Arquivos de programas\Celestia\unins000.exe" Chime/Chime Pro for Internet Explorer-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Internet Explorer\Plugins\chime26.isu" Classic Menu 3.x for Office 2007-->"C:\Arquivos de programas\Classic Menu for Office\unins000.exe" Comanche 4 (remove only)-->"C:\Arquivos de programas\Comanche 4\Uninstall.exe" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0416-0000-0000000FF1CE} Cool Edit Pro 2.1-->C:\Arquivos de programas\coolpro2\cep2unin.exe Counter-Strike 1.6 V35-->C:\Arquivos de programas\Counter-Strike 1.6 V35\Uninstal.exe Counter-Strike 1.6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19 CutePDF Writer 2.7-->C:\Arquivos de programas\Acro Software\CutePDF Writer\uninscpw.exe /uninstall DVD Architect Pro 5.0-->MsiExec.exe /X{A32BAC41-30A0-40D1-B4BC-0FB3304CA780} EMChuletator-->C:\Arquivos de programas\EMChuletator\uninstall.exe eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe" Enemy Engaged 2 Speech-->MsiExec.exe /I{5CB6A112-DA36-486B-9B1C-6341CB95DE37} Enemy Engaged 2-->"C:\Arquivos de programas\G2 Games\Enemy Engaged 2\unins000.exe" F-16 MRF-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\NovaLogic\F-16 MRF\Uninst.isu" F-22 IBS-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\NovaLogic\F-22 IBS\Uninst.isu" F-22 Lightning 3-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\NovaLogic\F-22 Lightning 3\Uninst.isu" F-22 Raptor-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\NovaLogic\F-22 Raptor\Uninst.isu" Falcon 4.0: Allied Force-->MsiExec.exe /I{7A65E382-1843-4B46-861B-1BECB8354911} ffdshow [rev 2335] [2008-11-17]-->"C:\Arquivos de programas\K-Lite Codec Pack\ffdshow\unins000.exe" Foxit Reader-->C:\Arquivos de programas\Foxit Software\Foxit Reader\Uninstall.exe GameDesire-Pool & Snooker-->C:\Arquivos de programas\Ganymede\billiards_uninstall.exe Guitar Flash 1.0-->"C:\Arquivos de programas\gamesX\Guitar Flash\unins000.exe" Guitar Hero-->"C:\Arquivos de programas\gamesX\Guitar Hero\unins000.exe" Guitar Pro 5.0-->"C:\Arquivos de programas\Guitar Pro 5\unins000.exe" GVOX Encore 32 v4.5-->C:\ARQUIV~1\GVOX\Encore\UNWISE.EXE C:\ARQUIV~1\GVOX\Encore\INSTALL.LOG Half-Life-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL" Handy Recovery 3.0-->C:\ARQUIV~1\SoftLogica\Handy Recovery\UNWISE.EXE C:\ARQUIV~1\SoftLogica\Handy Recovery\INSTALL.LOG HijackThis 1.99.1-->C:\HijackThis\HijackThis.exe /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" IBS-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\NovaLogic\IBS\Uninst.isu" Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe K-Lite Mega Codec Pack 4.1.7-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe" Magic ISO Maker v5.4 (build 0239)-->C:\ARQUIV~1\MagicISO\UNWISE.EXE C:\ARQUIV~1\MagicISO\INSTALL.LOG MagicDisc 2.7.97-->C:\ARQUIV~1\MAGICD~1\UNWISE.EXE C:\ARQUIV~1\MAGICD~1\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft Combat Flight Simulator 3.0-->"C:\Arquivos de programas\Microsoft Games\Combat Flight Simulator 3\UNINSTAL.EXE" /runtemp /addremove Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE} Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE} Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE} Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE} Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE} Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE} Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE} Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8} Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350} Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06} MiG-29 Fulcrum-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\NovaLogic\MiG-29 Fulcrum\Uninst.isu" Mozilla Firefox (3.0.5)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} MV RegClean 5.5-->"C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.5\unins000.exe" Nero 8 Micro 8.2.8.0-->"C:\Arquivos de programas\Nero\unins000.exe" Noiseware Community Edition-->MsiExec.exe /I{92CA58DD-4475-461C-828B-4A832B1EC080} Notebook Hardware Control 2.0 Pre-Release-06-->C:\Arquivos de programas\Notebook Hardware Control\uninst.exe O&O DiskRecovery-->MsiExec.exe /X{53480070-8E5F-4678-B8E0-2525A719DD39} Panda ActiveScan 2.0-->C:\Arquivos de programas\Panda Security\ActiveScan 2.0\as2uninst.exe Pit Trainer-->C:\Program Files\PitTrainer\Uninst.exe Primal Pictures Interactive Foot and Ankle 2-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Primal Pictures\Interactive Foot and Ankle 2\Uninst.isu" Primal Pictures Interactive Hand 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Primal Pictures\Interactive Hand 2000\Uninst.isu" Primal Pictures Interactive Head and Neck-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Primal Pictures\Interactive Head and Neck\Uninst.isu" Primal Pictures Interactive Hip-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Primal Pictures\Interactive Hip\Uninst.isu" Primal Pictures Interactive Knee 1.1-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Primal Pictures\Interactive Knee 1.1\Uninst.isu" Primal Pictures Interactive Pelvis and Perineum-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Primal Pictures\Interactive Pelvis and Perineum\Uninst.isu" Primal Pictures Interactive Spine-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Primal Pictures\Interactive Spine\Uninst.isu" Primal Pictures Interactive Thorax and Abdomen-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Primal Pictures\Interactive Thorax and Abdomen\Uninst.isu" QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x816 anything Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Sierra Utilities-->C:\Arquivos de programas\Sierra On-Line\sutil32.exe uninstall SimCity™ Sociedades Destinos-->MsiExec.exe /X{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593} SimCity™ Sociedades-->C:\Arquivos de programas\Electronic Arts\SimCity™ Sociedades\SCS Uninstaller.exe -FromAddRemove SimCity™ Sociedades-->MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE} Sjboy Beta4-->"C:\Arquivos de programas\Sjboy Emulator\unins000.exe" Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SoftPerfect Bandwidth Manager 2.6-->"C:\Arquivos de programas\SoftPerfect Bandwidth Manager\unins000.exe" Software WIDCOMM Bluetooth-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} Sonic Foundry XFX 1 Plug-In Pack-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Sonic Foundry Plug-Ins\sfppack1.isu" -c"C:\Arquivos de programas\Sonic Foundry Plug-Ins\sfis.dll" -z"XFX 1" Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4} Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5} Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E} Sony Vegas Pro 8.0-->MsiExec.exe /X{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6} SpywareBlaster 4.1-->"C:\Arquivos de programas\SpywareBlaster\unins000.exe" Statdisk V8.4-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3BEB810E-C39F-4BAA-84EF-799F7E4F62D7}\setup.exe" -l0x9 STATISTICA 6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\StatSoft\STATISTICA 6\Setup\setup.exe" Stellarium 0.10.0-->"C:\Arquivos de programas\Stellarium\unins000.exe" SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} sXe Injected-->"C:\Arquivos de programas\sXe Injected\uninstall.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Arquivos de programas\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Requirements Lab-->C:\Arquivos de programas\SystemRequirementsLab\Uninstall.exe TallStick TS-AudioToMIDI 3.30 (remove only)-->"C:\Arquivos de programas\TallStick\TS-AudioToMIDI 3.30\Uninstall.exe" Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302} Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE} WildPackets OmniPeek Personal 4.1-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{92BBD5BF-2AE3-42F6-8440-4B2FAC4C7F05}\setup.exe" -l0x9 -removeonly WinAVI Video Converter-->"C:\Arquivos de programas\WinAVI Video Converter\unins000.exe" Winbond CIR Device Drivers-->MsiExec.exe /I{755F77D1-717E-4D7D-BF21-D3EB63906365} Windows Driver Package - Winbond Electronics Corporation (winbondcir) HIDClass (03/27/2007 7.1.62.2012)-->C:\ARQUIV~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstx86.exe /u C:\WINDOWS\system32\DRVSTORE\winbondcir_D92CA0CEFE77CD7B69F80D2D22D75F0B81A59646\winbondcir.inf Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39} Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7} Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" =====HijackThis Backups===== O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: Avira AntiVir PersonalEdition System event log Computer Name: USER-171B3D10A3 Event Code: 7035 Message: O serviço Gerenciador de conexão de acesso remoto recebeu com êxito um controle Iniciar. Record Number: 26061 Source Name: Service Control Manager Time Written: 20081212103234.000000-180 Event Type: Informações User: USER-171B3D10A3\Administrador Computer Name: USER-171B3D10A3 Event Code: 7036 Message: O serviço Telefonia entrou no estado executando. Record Number: 26060 Source Name: Service Control Manager Time Written: 20081212103234.000000-180 Event Type: Informações User: Computer Name: USER-171B3D10A3 Event Code: 7036 Message: O serviço Compatibilidade com 'Troca rápida de usuário' entrou no estado executando. Record Number: 26059 Source Name: Service Control Manager Time Written: 20081212103234.000000-180 Event Type: Informações User: Computer Name: USER-171B3D10A3 Event Code: 7035 Message: O serviço Compatibilidade com 'Troca rápida de usuário' recebeu com êxito um controle Iniciar. Record Number: 26058 Source Name: Service Control Manager Time Written: 20081212103234.000000-180 Event Type: Informações User: AUTORIDADE NT\SYSTEM Computer Name: USER-171B3D10A3 Event Code: 7036 Message: O serviço Serviços de terminal entrou no estado executando. Record Number: 26057 Source Name: Service Control Manager Time Written: 20081212103234.000000-180 Event Type: Informações User: Application event log Computer Name: USER-171B3D10A3 Event Code: 4096 Message: Record Number: 5825 Source Name: Avira AntiVir Time Written: 20081118150027.000000-180 Event Type: Informações User: AUTORIDADE NT\SYSTEM Computer Name: USER-171B3D10A3 Event Code: 1800 Message: O Serviço da Central de Segurança do Windows foi iniciado. Record Number: 5824 Source Name: SecurityCenter Time Written: 20081118150024.000000-180 Event Type: Informações User: Computer Name: USER-171B3D10A3 Event Code: 0 Message: Record Number: 5823 Source Name: btwdins Time Written: 20081118150010.000000-180 Event Type: Informações User: Computer Name: USER-171B3D10A3 Event Code: 4113 Message: Record Number: 5822 Source Name: Avira AntiVir Time Written: 20081118131051.000000-180 Event Type: aviso User: AUTORIDADE NT\SYSTEM Computer Name: USER-171B3D10A3 Event Code: 101 Message: msnmsgr (1772) O mecanismo de banco de dados parou. Record Number: 5821 Source Name: ESENT Time Written: 20081118125520.000000-180 Event Type: Informações User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Arquivos comuns\Autodesk Shared;C:\Arquivos de programas\Arquivos comuns\Teleca Shared "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- --------------------

joram Visualizar perfil	22/12/08 Post #8
Grupo: Colaboradores Ilustres Posts: 2.458 De: Bangu-Rio de Janeiro	Bom Dia! rjng_jau <!> O relatório mostrou infecções,provenientes de unidades removíveis. -------------------------- <@> Baixe: < UsbFix.exe > ( ...par Chiquitine29 et Chimay8 ) <@> Salve-o no Desktop! <@> Desabilite,temporariamente,seus programas de proteção. <-- ( antivírus,antispyware e firewall ) <@> Instale-o e execute-o,com um duplo-clique em UsbFix.exe. <@> Surgirá uma mensagem,pedindo que seja conectada sua(s) mídia(s) removíveis,ao computador. ( pendrive,mp3,mp4,iPods,etc... ) <@> Aceite a solicitação,e dê o Ok. --> À seguir clique,novamente,em Ok. <@> O computador irá reiniciar. <-- Aguarde! <@> Terminando,clique em "Continue" e aguarde a finalização da ferramenta. <@> Ps: Não desconecte,ainda,sua(s) mídia(s) removíveis! <-- Importante! <@> Surgirá a mensagem: "Nettoyage effectue" --> Aperte Enter. <@> Poste o relatório,que estará em: C:\UsbFix.txt + HijackThis,atualizado. Abraços! -------------------- < DigRam >

« Próximo mais velho · Malwares · Próximo mais novo »

Reply to this topic

1 usuário(s) está(ão) lendo este tópico (1 visitantes e 0 usuários anônimos)

0 membros:

5 imagens de fundo para o seu computador

Tópicos Similares

Tópicos Similares

	Tópico	Respostas	Quem iniciou o tópico	Visualizações	Última postagem
	Malware para Android é destaque em ranking da ESET	0	Sid Vicious	8	Ontem, 04:32 PM Postado por: Sid Vicious
	Malware usa certificado digital da Kaspersky	0	Sid Vicious	32	6/08/10 - 10:45 Postado por: Sid Vicious
	Malwarebytes Anti Malware	2	rdl4	415	22/06/10 - 21:18 Postado por: rdl4
	Malware dogma.exe?	8	Glaurion	219	21/05/10 - 00:19 Postado por: Glaurion
	Malware se espalha pelo Yahoo! Messenger	0	Sid Vicious	117	7/05/10 - 08:49 Postado por: Sid Vicious

Modos de Exibição: Padrão · Mudar para: Linear+ · Mudar para: Outline

Assinar este tópico · Enviar este tópico · Imprimir este tópico · Assinar este fórum

Data: 2/09/10 - 17:52