Hi!!!
Thanks so much for helping me!!!
Here's the log of RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Aires at 2010-02-28 12:14:38
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 77 GB (54%) free of 143 GB
Total RAM: 2047 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:09, on 28-02-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Aires\Desktop\RSIT.exe
C:\Program Files\trend micro\Aires.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lockerz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Gruss Software Ltd: Betting Assistant update permissions manager. 30256. - Unknown owner - C:\Program Files\Betting Assistant\AUClient.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Logitech, Inc. - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 9059 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Malwarebytes' Scheduled Scan for Aires.job
C:\Windows\tasks\Malwarebytes' Scheduled Update for Aires.job
C:\Windows\tasks\Registry Winner Schedule.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll [2009-12-10 394608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL [2009-11-17 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-15 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll [2009-12-10 394608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-21 630784]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"PowerForPhone"=C:\Program Files\P4P\P4P.exe [2007-08-03 778240]
"IaNvSrv"=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2007-07-24 33304]
"DirectMessenger"=C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE [2007-07-21 988160]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-04-11 56080]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-07-24 174616]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-06 8433664]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-06 81920]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 233888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b0268f-62fc-11de-8063-001d60c4491e}]
shell\AutoRun\command - H:\CALC.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4db9ad9-c545-11de-afec-001d60c4491e}]
shell\AutoRun\command - G:\autorun.exe
======List of files/folders created in the last 3 months======
2010-02-28 12:14:46 ----D---- C:\Program Files\trend micro
2010-02-28 12:14:38 ----D---- C:\rsit
2010-02-27 22:30:42 ----D---- C:\Program Files\BeloSoft
2010-02-26 23:35:25 ----D---- C:\Program Files\City Interactive
2010-02-24 12:33:33 ----A---- C:\Windows\system32\tzres.dll
2010-02-15 23:06:35 ----D---- C:\ProgramData\Sun
2010-02-15 23:06:18 ----D---- C:\Program Files\Common Files\Java
2010-02-15 23:05:23 ----A---- C:\Windows\system32\javaws.exe
2010-02-15 23:05:23 ----A---- C:\Windows\system32\javaw.exe
2010-02-15 23:05:23 ----A---- C:\Windows\system32\deploytk.dll
2010-02-15 23:05:22 ----A---- C:\Windows\system32\java.exe
2010-02-15 23:04:27 ----D---- C:\Program Files\Java
2010-02-15 05:04:41 ----A---- C:\Windows\system32\acovcnt.exe
2010-02-14 00:00:48 ----D---- C:\Program Files\TrendMicro
2010-02-13 18:21:55 ----A---- C:\Windows\ScanSpyware.INI
2010-02-13 17:37:14 ----D---- C:\Users\Aires\AppData\Roaming\ScanSpyware
2010-02-10 06:25:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 06:25:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 06:24:59 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 06:24:58 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 06:24:57 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 06:24:57 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 06:24:57 ----A---- C:\Windows\system32\avifil32.dll
2010-02-08 13:27:11 ----D---- C:\ProgramData\TamoSoft
2010-02-07 23:51:29 ----D---- C:\Program Files\InCode Solutions
2010-02-04 00:27:13 ----D---- C:\Program Files\CCleaner
2010-01-31 14:17:44 ----D---- C:\Program Files\Symantec
2010-01-31 14:16:45 ----D---- C:\Program Files\Norton Internet Security
2010-01-31 14:16:27 ----D---- C:\Program Files\NortonInstaller
2010-01-29 03:35:41 ----D---- C:\Users\Aires\AppData\Roaming\BetFairAndSquare
2010-01-29 03:35:41 ----D---- C:\Program Files\BetFairAndSquare Exchange Simulator
2010-01-29 03:27:45 ----D---- C:\Program Files\Microsoft SQL Server
2010-01-27 11:21:12 ----D---- C:\Users\Aires\AppData\Roaming\Betting Assistant
2010-01-27 11:21:12 ----D---- C:\temp
2010-01-27 11:20:25 ----D---- C:\Program Files\Betting Assistant
2010-01-25 23:34:01 ----D---- C:\Program Files\Chat Republic Games
2010-01-23 16:35:18 ----A---- C:\Windows\ATKPF.ini
2010-01-22 10:17:51 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 10:17:51 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 10:17:50 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 10:17:49 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 10:17:48 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 10:17:48 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 10:17:48 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 10:17:47 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-18 19:01:52 ----D---- C:\Users\Aires\AppData\Roaming\SmartVoip
2010-01-18 18:59:55 ----D---- C:\Program Files\SmartVoip.com
2010-01-16 18:56:17 ----D---- C:\Program Files\Common Files\Innovative Solutions
2010-01-16 16:31:46 ----SH---- C:\Windows\system32\SC.dll
2010-01-16 15:46:17 ----D---- C:\Windows\system32\xlive
2010-01-16 15:46:16 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-01-15 17:31:59 ----D---- C:\Windows\system32\Adobe
2010-01-13 09:22:22 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 09:22:22 ----A---- C:\Windows\system32\fontsub.dll
2010-01-11 16:23:00 ----D---- C:\Users\Aires\AppData\Roaming\Microgaming
2010-01-08 12:49:05 ----D---- C:\Program Files\bfbotmanager.com4
2010-01-08 12:48:43 ----D---- C:\Program Files\bfbotmanager.com3
2010-01-06 16:48:49 ----D---- C:\Program Files\bfbotmanager.com2
2010-01-02 11:20:39 ----D---- C:\Program Files\bfbotmanager.com
2009-12-30 07:17:51 ----D---- C:\Users\Aires\AppData\Roaming\smc
2009-12-09 15:50:43 ----A---- C:\Windows\system32\iisrstap.dll
2009-12-09 15:50:43 ----A---- C:\Windows\system32\iisreset.exe
2009-12-09 15:50:42 ----A---- C:\Windows\system32\iisRtl.dll
2009-12-09 15:50:41 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 15:50:40 ----A---- C:\Windows\system32\ahadmin.dll
2009-12-09 15:50:40 ----A---- C:\Windows\system32\admwprox.dll
2009-12-09 15:50:38 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 15:50:36 ----A---- C:\Windows\system32\wamregps.dll
2009-12-09 06:41:36 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 06:40:52 ----A---- C:\Windows\system32\rastls.dll
2009-11-30 23:12:24 ----D---- C:\ProgramData\Boss Media
======List of files/folders modified in the last 3 months======
2010-02-28 12:14:46 ----RD---- C:\Program Files
2010-02-28 12:14:44 ----D---- C:\Windows\Temp
2010-02-28 06:12:29 ----D---- C:\Windows\system32\drivers
2010-02-28 05:34:23 ----SHD---- C:\System Volume Information
2010-02-27 22:30:48 ----SHD---- C:\Windows\Installer
2010-02-27 21:52:32 ----AD---- C:\Windows\System32
2010-02-27 21:52:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-27 21:52:31 ----D---- C:\Windows\inf
2010-02-26 23:45:40 ----D---- C:\Windows
2010-02-25 11:21:42 ----D---- C:\Windows\rescache
2010-02-25 00:34:57 ----D---- C:\Windows\winsxs
2010-02-25 00:34:56 ----D---- C:\Windows\system32\pt-PT
2010-02-25 00:34:56 ----D---- C:\Windows\system32\es-ES
2010-02-25 00:34:56 ----D---- C:\Windows\system32\en-US
2010-02-25 00:19:46 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-02-24 12:30:49 ----D---- C:\Windows\system32\catroot
2010-02-24 12:30:46 ----D---- C:\Windows\system32\catroot2
2010-02-22 11:28:18 ----D---- C:\Windows\Prefetch
2010-02-22 11:23:51 ----D---- C:\Program Files\Mozilla Firefox
2010-02-19 17:30:12 ----D---- C:\ProgramData\Microsoft Help
2010-02-15 23:06:35 ----HD---- C:\ProgramData
2010-02-15 23:06:18 ----D---- C:\Program Files\Common Files
2010-02-13 20:59:14 ----D---- C:\Windows\Debug
2010-02-12 19:03:52 ----D---- C:\Users\Aires\AppData\Roaming\IObit
2010-02-09 11:49:14 ----D---- C:\SPDISK
2010-02-03 12:39:02 ----D---- C:\Windows\system32\config
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-02-01 11:51:19 ----D---- C:\Windows\system32\Tasks
2010-01-31 14:17:45 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-31 14:16:45 ----D---- C:\ProgramData\Norton
2010-01-31 14:16:34 ----D---- C:\ProgramData\NortonInstaller
2010-01-29 03:33:44 ----RSD---- C:\Windows\assembly
2010-01-29 03:32:04 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-29 03:32:03 ----D---- C:\Program Files\Microsoft.NET
2010-01-28 11:55:50 ----SD---- C:\Users\Aires\AppData\Roaming\Microsoft
2010-01-17 23:18:49 ----D---- C:\Windows\Tasks
2010-01-16 20:39:10 ----D---- C:\Users\Aires\AppData\Roaming\Tropico 3
2010-01-16 18:59:46 ----D---- C:\Program Files\Innovative Solutions
2010-01-16 18:56:14 ----D---- C:\ProgramData\Innovative Solutions
2010-01-15 23:37:20 ----D---- C:\Program Files\IObit
2010-01-09 04:56:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 23:19:45 ----SD---- C:\Windows\Downloaded Program Files
2009-12-09 16:39:01 ----D---- C:\Windows\system32\migration
2009-12-09 16:39:00 ----D---- C:\Windows\system32\inetsrv
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2010-02-11 536112]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1105000.07F\ccHPx86.sys [2009-12-09 501888]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-29 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100224.002\IDSvix86.sys [2009-10-28 343088]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1105000.07F\SRTSPX.SYS [2009-12-03 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1105000.07F\Ironx86.SYS [2009-11-26 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1105000.07F\SYMTDIV.SYS [2009-11-22 340016]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 CmBatt;Controlador Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-01-07 19160]
R3 MODEMCSA;Dispositivo de filtro de fluxo Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-13 7680]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100227.025\NAVENG.SYS [2010-02-04 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100227.025\NAVEX15.SYS [2010-02-04 1324720]
R3 NETw4v32;Controlador do Adaptador da ligação WiFi sem fios Intel(R) para Windows Vista 32 Bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-20 2222080]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-06 7120768]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-21 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1105000.07F\SRTSP.SYS [2009-12-03 325168]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-01-31 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
S3 a54iyyfn;a54iyyfn; C:\Windows\system32\drivers\a54iyyfn.sys []
S3 BthEnum;Serviço enumerador Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Dispositivo Bluetooth (Rede de área pessoal); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Controlador de porta Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Controlador USB de rádio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Microsoft Kernel DRM Descrambler Filter; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 usb_rndisx;Adaptador RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbvideo;Dispositivo de vídeo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Gruss Software Ltd: Betting Assistant update permissions manager. 30256.;Gruss Software Ltd: Betting Assistant update permissions manager. 30256.; C:\Program Files\Betting Assistant\AUClient.exe [2008-01-09 622592]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-07-24 354840]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-10-01 66872]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
-----------------EOF-----------------
And here is the Info log:
info.txt logfile of random's system information tool 1.06 2010-02-28 12:15:18
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
ABC (remove only)-->C:\Program Files\ABC\Uninstall.exe
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Actualização do Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0816-0000-0000000FF1CE} /uninstall {CCDE3C71-5F35-477F-BA90-1A399C91C10C}
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0816-0000-0000000FF1CE} /uninstall {CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}
Actualização do Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0816-0000-0000000FF1CE} /uninstall {A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}
ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ASUS Direct Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{064F2D10-83D0-4040-B5B7-BD22BFEB65A2}\SETUP.EXE" -l0x9
ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
BetFairAndSquare Exchange Simulator-->MsiExec.exe /I{DCFD9DF7-EA14-48D8-AE76-AF1B84CCB53F}
Betting Assistant-->MsiExec.exe /I{CA48BCFD-9615-42B7-9E3A-A672CE023843}
Bf Bot Manager v1-->MsiExec.exe /I{EC966A7F-13C4-4A16-A35B-D9EF9E798D79}
Bf Bot Manager v2-->MsiExec.exe /I{529889C0-FE3B-4C43-ADF3-7992B55F2C9B}
Bfexplorer-->MsiExec.exe /I{36B03711-528B-427C-8C09-19C1455E7768}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Esquemas de Som do Windows-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
ffdshow [rev 3014] [2009-06-20]-->"C:\Program Files\ffdshow\unins000.exe"
Football Manager 2010-->"C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Turbo Memory e Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.exe" -l0x9 -removeonly
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - esn-->MsiExec.exe /I{92E4A65F-7007-3357-A69A-167F71A337BD}
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptg\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - ptg-->MsiExec.exe /I{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0816-0000-0000000FF1CE} /uninstall {A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0816-0000-0000000FF1CE} /uninstall {C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}
Microsoft Office Access MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0015-0816-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0016-0816-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-00BA-0816-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0044-0816-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-00A1-0816-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001A-0816-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0018-0816-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001F-0816-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-002C-0816-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0816-0000-0000000FF1CE} /uninstall {C312E1CD-EC19-4270-A072-F36F634DFF79}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0019-0816-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-006E-0816-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001B-0816-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MV AntiSpy 4.0-->"C:\Program Files\Marcos Velasco Security\MV AntiSpy 4.0\unins000.exe"
MV RegClean 5.9 (Portugal)-->"C:\Program Files\Marcos Velasco Security\MV RegClean 5.9 (Portugal)\unins000.exe"
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
P4P-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - esn\setup.exe
Power4Gear eXtreme-->C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\setup.exe -runfromtemp -l0x0009 -removeonly
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RemoveIT Pro v4 - SE-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0816 -removeonly
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
SmartVoip-->"C:\Program Files\SmartVoip.com\SmartVoip\unins000.exe"
Sniper: Art of Victory-->"C:\Program Files\City Interactive\Sniper - Art of Victory\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb977839)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C568005C-5FC6-4C81-A664-BD136610A931}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VistaFeaturePack-->C:\Program Files\InstallShield Installation Information\{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}\setup.exe -runfromtemp -l0x0409
Windows Live Call-->MsiExec.exe /I{418001D0-F48E-4910-966C-0DCCC996A87A}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{50CEA963-2745-46A8-BE71-767F2B36FEF2}
Windows Live Messenger-->MsiExec.exe /X{20B05668-C9F0-4469-AEF4-14DF41D6ACB6}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly
======Hosts File======
127.0.0.1 mynortonaccount.conxion.com
127.0.0.1 www.mynortonaccount.com
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1349_neutral_LDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120761
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires
Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1348_neutral_GDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120760
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires
Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1347_neutral_LDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120759
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires
Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1346_neutral_GDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120758
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires
Computer Name: WifiLap
Event Code: 4383
Message: A Manutenção do Windows concluiu o processo de alteração da actualização 948609-1345_neutral_LDR do pacote KB948609 (Update) para o estado A Resolver(Resolving)
Record Number: 120757
Source Name: Microsoft-Windows-Servicing
Time Written: 20091103224644.000000-000
Event Type: Informações
User: WifiLap\Aires
=====Application event log=====
Computer Name: WifiLap
Event Code: 2
Message: O Cliente de Serviços de Certificados foi parado.
Record Number: 419
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090620050735.402800-000
Event Type: Informações
User: NT AUTHORITY\Sistema
Computer Name: WifiLap
Event Code: 2
Message: O Cliente de Serviços de Certificados foi parado.
Record Number: 418
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090620050735.387200-000
Event Type: Informações
User: WifiLap\Administrador
Computer Name: LH-AILFEU51KNEA
Event Code: 36
Message:
Record Number: 417
Source Name: ccSvcHst
Time Written: 20090620050735.000000-000
Event Type: Informações
User: NT AUTHORITY\Sistema
Computer Name: LH-AILFEU51KNEA
Event Code: 36
Message:
Record Number: 416
Source Name: ccSvcHst
Time Written: 20090620050735.000000-000
Event Type: Informações
User: NT AUTHORITY\Sistema
Computer Name: LH-AILFEU51KNEA
Event Code: 1013
Message: O Serviço Windows Search parou normalmente.
Record Number: 415
Source Name: Microsoft-Windows-Search
Time Written: 20090620050658.000000-000
Event Type: Informações
User:
=====Security event log=====
Computer Name: WifiLap
Event Code: 4624
Message: Uma conta iniciou sessão com êxito.
Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: WIFILAP$
Domínio da Conta: WORKGROUP
ID de Início de Sessão: 0x3e7
Tipo de Início de Sessão: 5
Novo Início de Sessão:
ID de Segurança: S-1-5-17
Nome da Conta: IUSR
Domínio da Conta: NT AUTHORITY
ID de Início de Sessão: 0x3e3
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}
Informações do Processo:
ID do Processo: 0x99c
Nome do Processo: C:\Windows\System32\svchost.exe
Informações de Rede:
Nome da Estação de Trabalho:
Endereço de Rede de Origem: -
Porta de Origem: -
Informações de Autenticação Detalhadas:
Processo de Início de Sessão: Advapi
Pacote de Autenticação: Negotiate
Serviços Transitados: -
Nome do Pacote (apenas NTLM): -
Comprimento da Chave: 0
Este evento é gerado quando é criada uma sessão de início de sessão, sendo gerado no computador que foi acedido.
Os campos de assunto indicam a conta do sistema local que pediu o início de sessão. Normalmente, trata-se de um serviço, tal como o serviço de Servidor, ou de um processo local, tal como Winlogon.exe ou Services.exe.
O campo de tipo de início de sessão indica o tipo de início de sessão ocorrido. Os tipos mais comuns são 2 (interactivo) e 3 (rede).
Os campos Novos Início de Sessão indicam a conta para a qual o novo início de sessão foi criado, ou seja, a conta que iniciou sessão.
Os campos de rede indicam a origem de um pedido de início de sessão. O nome da estação de trabalho pode nem sempre estar disponível, podendo ser deixado em branco em alguns casos.
Os campos de informações de autenticação fornecem informações detalhadas sobre este pedido de início de sessão específico.
- GUID de Início de Sessão é um identificador exclusivo que pode ser utilizado para correlacionar este evento com um evento KDC.
- Serviços transitados indica os serviços intermediários que participaram neste pedido de início de sessão.
- Nome do pacote indica o subprotocolo utilizado entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave de sessão gerada. Este comprimento será 0 se não tiver sido pedida nenhuma chave de sessão.
Record Number: 34439
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035608.037536-000
Event Type: Êxito de Auditoria
User:
Computer Name: WifiLap
Event Code: 4672
Message: Foram atribuídos privilégios especiais a um novo início de sessão.
Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
ID de Início de Sessão: 0x3e7
Privilégios: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34438
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035607.881536-000
Event Type: Êxito de Auditoria
User:
Computer Name: WifiLap
Event Code: 4624
Message: Uma conta iniciou sessão com êxito.
Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: WIFILAP$
Domínio da Conta: WORKGROUP
ID de Início de Sessão: 0x3e7
Tipo de Início de Sessão: 5
Novo Início de Sessão:
ID de Segurança: S-1-5-18
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
ID de Início de Sessão: 0x3e7
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}
Informações do Processo:
ID do Processo: 0x390
Nome do Processo: C:\Windows\System32\services.exe
Informações de Rede:
Nome da Estação de Trabalho:
Endereço de Rede de Origem: -
Porta de Origem: -
Informações de Autenticação Detalhadas:
Processo de Início de Sessão: Advapi
Pacote de Autenticação: Negotiate
Serviços Transitados: -
Nome do Pacote (apenas NTLM): -
Comprimento da Chave: 0
Este evento é gerado quando é criada uma sessão de início de sessão, sendo gerado no computador que foi acedido.
Os campos de assunto indicam a conta do sistema local que pediu o início de sessão. Normalmente, trata-se de um serviço, tal como o serviço de Servidor, ou de um processo local, tal como Winlogon.exe ou Services.exe.
O campo de tipo de início de sessão indica o tipo de início de sessão ocorrido. Os tipos mais comuns são 2 (interactivo) e 3 (rede).
Os campos Novos Início de Sessão indicam a conta para a qual o novo início de sessão foi criado, ou seja, a conta que iniciou sessão.
Os campos de rede indicam a origem de um pedido de início de sessão. O nome da estação de trabalho pode nem sempre estar disponível, podendo ser deixado em branco em alguns casos.
Os campos de informações de autenticação fornecem informações detalhadas sobre este pedido de início de sessão específico.
- GUID de Início de Sessão é um identificador exclusivo que pode ser utilizado para correlacionar este evento com um evento KDC.
- Serviços transitados indica os serviços intermediários que participaram neste pedido de início de sessão.
- Nome do pacote indica o subprotocolo utilizado entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave de sessão gerada. Este comprimento será 0 se não tiver sido pedida nenhuma chave de sessão.
Record Number: 34437
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035607.881536-000
Event Type: Êxito de Auditoria
User:
Computer Name: WifiLap
Event Code: 4648
Message: Foi tentado um início de sessão utilizando credenciais explícitas.
Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: WIFILAP$
Domínio da Conta: WORKGROUP
ID de Início de Sessão: 0x3e7
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}
Conta Cujas Credenciais Foram Utilizadas:
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
GUID de Início de Sessão: {00000000-0000-0000-0000-000000000000}
Servidor de Destino:
Nome do Servidor de Destino: localhost
Informações Adicionais: localhost
Informações do Processo:
ID do Processo: 0x390
Nome do Processo: C:\Windows\System32\services.exe
Informações de Rede:
Endereço de Rede: -
Porta: -
Este evento é gerado quando um processo tenta iniciar sessão numa conta especificando explicitamente as credenciais dessa conta. Isto ocorre mais frequentemente em configurações do tipo lote, tais como tarefas agendadas, ou durante a utilização do comando RUNAS.
Record Number: 34436
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035607.881536-000
Event Type: Êxito de Auditoria
User:
Computer Name: WifiLap
Event Code: 4672
Message: Foram atribuídos privilégios especiais a um novo início de sessão.
Assunto:
ID de Segurança: S-1-5-18
Nome da Conta: Sistema
Domínio da Conta: NT AUTHORITY
ID de Início de Sessão: 0x3e7
Privilégios: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34435
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091205035607.850336-000
Event Type: Êxito de Auditoria
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
-----------------EOF-----------------
I'll run the other program now..
Thanks