
_The_Punk_Rocker_

[Archived] Computer problems


Well, for the past few days my computer has been behaving very strangely. Some games that used to run perfectly now suddenly freeze, other programs won't start, and when I move (or delete) a document, you know that Vista message that says: "Moving to etc..."? Yes, the document gets moved, but the dialog hangs and stays there until I restart or go to Task Manager and kill it. I don't know what's happening, it's very strange. Even when I try to install an update for Vista, it gives an error!

There's more: I tried to start HijackThis, but I can't. For example, when it gets to the part where you accept the terms, it freezes and stays stuck. Other times nothing shows up at all, and when I click it again, it says: Hijackthis is already running.

Does anyone know what on earth is wrong with the PC? Thanks.


Well, I've now managed to produce a HijackThis log, but it was in Safe Mode, because I read that some programs aren't stopped by viruses when they run in that mode. I used this type of HijackThis (http://forum.wmonline.com.br/topic/217871-atencao-ao-postar-seu-logfile/), if that makes any difference!

Here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:57:05, on 2009-12-31

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Safe mode

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Diogo Moreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

O13 - Gopher Prefix:

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206480373480

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c95234997d78cf) (gupdate1c95234997d78cf) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 12216 bytes

 

Thanks in advance!

PS: Sorry if this was an improper bump, but I can't find the button to edit the post lol!


Good evening! _The_Punk_Rocker_

<@> Download: < marcinsig.gif >

<@> < Link - 2 >

<@> < Link - 3 >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> PS: If you have difficulties, you can run it in Safe Mode.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Try to send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<@> Post: mbam-log-2010-xx-xx (00-00-00).txt

°°°°°°°°°°°°°°°°°°°°°°°°°

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

OTLI-scan.png

<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Check the boxes:

<!> [] LOP check and [] Purity check

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

<1> OTL.txt <--

<2> Extra.txt <--

Best regards!


Thanks for helping me, DigRam! :) Well, first I have a few questions:

By disabling the security programs to run Malwarebytes, do you mean only the ones that come with the system (firewall, Defender, etc.), or Avast as well?

Oh, and since today, when I start the PC and log in to my account, a little box titled RunDLL appears saying: "Could not load C:\Windows\system32\sshnas.dll . Access denied", and it has an OK button, but clicking it does nothing. Should I go ahead with your instructions anyway?

I just wanted to clear this up. Thanks! ^^


Oh, you can ignore the post above, I've already cleared everything up. ^^ Here are the logs:

 

OTL.txt:

 

OTL logfile created on: 2010-01-10 07:34:47 - Run 1

OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\Diogo Moreira\Desktop

Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16681)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 225,97 Gb Total Space | 17,76 Gb Free Space | 7,86% Space Free | Partition Type: NTFS

Drive D: | 6,91 Gb Total Space | 1,26 Gb Free Space | 18,25% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HEMDATORN

Current User Name: Diogo Moreira

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Diogo Moreira\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

PRC - C:\Program\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

PRC - C:\Program\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

PRC - C:\Program\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

PRC - C:\Program\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\Program\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

PRC - C:\Program\Google\Update\GoogleUpdate.exe (Google Inc.)

PRC - C:\Program\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Program\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

PRC - C:\Program\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()

PRC - C:\Program\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

PRC - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Program\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

PRC - C:\Program\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

PRC - c:\Program\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Program\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

PRC - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Diogo Moreira\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NMIndexingService) -- File not found

SRV - (LiveUpdate Notice Ex) -- File not found

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

SRV - (gupdate1c95234997d78cf) Google Update Service (gupdate1c95234997d78cf) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)

SRV - (Apache2.2) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe (Apache Software Foundation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (LiveUpdate) -- C:\Program\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)

SRV - (Automatisk LiveUpdate-schemaläggare) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)

SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (StarWindServiceAE) -- C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

SRV - (WinDefend) -- C:\Program\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (RoxMediaDB9) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)

SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

SRV - (stllssvr) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)

SRV - (LightScribeService) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows ® Codename Longhorn DDK provider)

DRV - (Mkd2kfNt) -- C:\Windows\System32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)

DRV - (Mkd2Nadr) -- C:\Windows\System32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (V0260VID) -- C:\Windows\System32\drivers\V0260Vid.sys (Creative Technology Ltd.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)

DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)

DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)

DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=73&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-316284770-1064195047-592160855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

IE - HKU\S-1-5-21-316284770-1064195047-592160855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-316284770-1064195047-592160855-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program\Family Toolbar\tbhelper.dll ()

IE - HKU\S-1-5-21-316284770-1064195047-592160855-1000\S-1-5-21-316284770-1064195047-592160855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-316284770-1064195047-592160855-1000\S-1-5-21-316284770-1064195047-592160855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5

FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-06 03:31:51 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-06 03:31:51 | 00,000,000 | ---D | M]

 

[2008-08-26 19:11:47 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\mozilla\Extensions

[2010-01-10 07:25:56 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\mozilla\Firefox\Profiles\jh2fjusv.default\extensions

[2009-04-30 20:48:37 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Diogo Moreira\AppData\Roaming\mozilla\Firefox\Profiles\jh2fjusv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009-11-15 02:32:43 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\mozilla\Firefox\Profiles\jh2fjusv.default\extensions\firebug@software.joehewitt.com

[2010-01-10 07:25:56 | 00,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions

[2009-04-29 21:15:15 | 00,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions\talkback@mozilla.org

[2009-05-20 00:49:50 | 00,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

[2009-08-17 06:42:14 | 00,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

[2009-11-21 07:47:51 | 00,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml

[2009-08-18 04:39:36 | 00,003,801 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\MyHeritage.xml

[2009-11-21 07:47:51 | 00,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml

[2009-11-21 07:47:51 | 00,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml

[2009-11-21 07:47:51 | 00,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml

[2009-11-21 07:47:51 | 00,000,647 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program\Family Toolbar\tbcore3.dll ()

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program\Family Toolbar\tbcore3.dll ()

O3 - HKU\S-1-5-21-316284770-1064195047-592160855-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-316284770-1064195047-592160855-1000\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program\Family Toolbar\tbcore3.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] C:\Program\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] C:\Program\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)

O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-316284770-1064195047-592160855-1000..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-316284770-1064195047-592160855-1000..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found

O4 - HKU\S-1-5-21-316284770-1064195047-592160855-1000..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKU\S-1-5-21-316284770-1064195047-592160855-1000..\Run: [FreeCall] C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe (FreeCall)

O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O4 - Startup: C:\Users\João Moreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe File not found

O4 - Startup: C:\Users\Tiago Moreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk = C:\Program\Last.fm\LastFMHelper.exe (Last.fm)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Diogo Moreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206480373480 (WUWebControl Class)

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://cdn1.acclaimdownloads.com/solidstateion.cab (CSolidBrowserObj Object)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007-05-26 17:05:01 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{d84ef5ce-645c-11dd-98b7-001bfc68f30a}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

O33 - MountPoints2\{d84ef5ce-645c-11dd-98b7-001bfc68f30a}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-01-10 07:26:52 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Users\Diogo Moreira\Desktop\OTL.exe

[2010-01-08 04:49:56 | 00,000,000 | ---D | C] -- C:\Users\Diogo Moreira\AppData\Roaming\Malwarebytes

[2010-01-08 04:49:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010-01-08 04:49:46 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010-01-08 04:49:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010-01-08 04:49:45 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2009-12-31 13:13:59 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2009-12-28 22:49:37 | 00,000,000 | ---D | C] -- C:\Program\Marcos Velasco Security

[2009-12-23 05:16:38 | 00,000,000 | ---D | C] -- C:\Users\Diogo Moreira\Desktop\ffgg

[2009-12-20 05:27:27 | 00,000,000 | ---D | C] -- C:\Program\Gravity

[2009-12-17 14:29:07 | 00,000,000 | -HSD | C] -- C:\found.002

[2009-12-16 20:10:27 | 00,000,000 | -HSD | C] -- C:\found.001

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010-01-10 07:45:00 | 00,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C317DACC-71D5-431E-8CDD-7C664B22605B}.job

[2010-01-10 07:44:33 | 04,980,736 | -HS- | M] () -- C:\Users\Diogo Moreira\ntuser.dat

[2010-01-10 07:26:58 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\Diogo Moreira\Desktop\OTL.exe

[2010-01-10 07:25:53 | 00,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010-01-10 07:13:42 | 00,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010-01-10 07:13:14 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010-01-10 07:13:14 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010-01-10 07:13:08 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010-01-10 07:12:57 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-01-10 07:12:54 | 30,854,92224 | -HS- | M] () -- C:\hiberfil.sys

[2010-01-10 07:11:28 | 06,291,456 | -H-- | M] () -- C:\Users\Diogo Moreira\AppData\Local\IconCache.db

[2010-01-09 22:47:01 | 00,020,503 | ---- | M] () -- C:\Users\Diogo Moreira\zsnesw.cfg

[2010-01-09 22:47:01 | 00,008,192 | ---- | M] () -- C:\Users\Diogo Moreira\smas_eng.srm

[2010-01-09 22:47:01 | 00,003,806 | ---- | M] () -- C:\Users\Diogo Moreira\zinput.cfg

[2010-01-09 21:05:04 | 00,002,480 | ---- | M] () -- C:\Users\Diogo Moreira\zmovie.cfg

[2010-01-07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010-01-07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010-01-02 03:04:46 | 00,014,120 | ---- | M] () -- C:\Users\Diogo Moreira\Documents\1976prerecord16.jpg

[2009-12-31 13:14:00 | 00,001,876 | ---- | M] () -- C:\Users\Diogo Moreira\Desktop\HijackThis.lnk

[2009-12-30 08:02:49 | 01,785,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009-12-29 18:58:16 | 00,126,112 | ---- | M] () -- C:\Users\Diogo Moreira\AppData\Local\GDIPFONTCACHEV1.DAT

[2009-12-29 14:32:57 | 00,126,112 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT

[2009-12-27 15:00:36 | 00,116,621 | ---- | M] () -- C:\Users\Diogo Moreira\Desktop\sfffff.jpg

[2009-12-20 21:45:47 | 00,000,739 | ---- | M] () -- C:\Users\Public\Desktop\valkyrie.lnk

[2009-12-20 05:33:51 | 00,000,729 | ---- | M] () -- C:\Users\Diogo Moreira\Sakray.lnk

[2009-12-20 05:27:27 | 00,000,739 | ---- | M] () -- C:\Users\Diogo Moreira\Ragnarok Online.lnk

[2009-12-19 23:31:17 | 00,026,112 | ---- | M] () -- C:\Users\Diogo Moreira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-12-19 23:27:27 | 00,000,929 | ---- | M] () -- C:\Users\Diogo Moreira\Desktop\Install Microsoft Visual Basic 2008 Express Edition with SP1.lnk

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-01-02 03:04:40 | 00,014,120 | ---- | C] () -- C:\Users\Diogo Moreira\Documents\1976prerecord16.jpg

[2010-01-02 00:24:01 | 01,318,157 | ---- | C] () -- C:\Users\Diogo Moreira\Desktop\Fermentos de Padeiro.pdf

[2010-01-01 23:28:07 | 00,665,289 | ---- | C] () -- C:\Users\Diogo Moreira\Desktop\Novo Livro de Receitas.pdf

[2009-12-31 13:59:09 | 30,854,92224 | -HS- | C] () -- C:\hiberfil.sys

[2009-12-31 13:14:00 | 00,001,876 | ---- | C] () -- C:\Users\Diogo Moreira\Desktop\HijackThis.lnk

[2009-12-27 15:00:31 | 00,116,621 | ---- | C] () -- C:\Users\Diogo Moreira\Desktop\sfffff.jpg

[2009-12-20 21:45:47 | 00,000,739 | ---- | C] () -- C:\Users\Public\Desktop\valkyrie.lnk

[2009-12-20 05:33:51 | 00,000,729 | ---- | C] () -- C:\Users\Diogo Moreira\Sakray.lnk

[2009-12-20 05:27:27 | 00,000,739 | ---- | C] () -- C:\Users\Diogo Moreira\Ragnarok Online.lnk

[2009-12-19 22:17:36 | 00,000,929 | ---- | C] () -- C:\Users\Diogo Moreira\Desktop\Install Microsoft Visual Basic 2008 Express Edition with SP1.lnk

[2009-08-18 04:44:06 | 00,000,306 | ---- | C] () -- C:\Windows\MyHeritage.INI

[2009-08-18 04:39:08 | 00,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll

[2009-08-03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2008-11-16 22:16:34 | 00,000,133 | -H-- | C] () -- C:\Users\Diogo Moreira\AppData\Roaming\lakerda1967.sys

[2008-11-16 22:16:02 | 00,010,584 | ---- | C] () -- C:\Users\Diogo Moreira\AppData\Roaming\docXConverter (3).ini

[2008-10-12 18:18:44 | 00,000,037 | ---- | C] () -- C:\Windows\Viewer.ini

[2008-08-16 23:51:18 | 00,000,000 | ---- | C] () -- C:\Users\Diogo Moreira\AppData\Roaming\wklnhst.dat

[2008-08-11 10:08:52 | 00,000,998 | ---- | C] () -- C:\Windows\Mhpb.ini

[2008-06-11 17:04:53 | 00,000,033 | ---- | C] () -- C:\Windows\GunzLauncher.INI

[2008-01-22 22:51:40 | 02,035,712 | ---- | C] () -- C:\Windows\System32\libmysql.dll

[2008-01-05 22:46:36 | 00,008,717 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2007-12-14 17:04:24 | 00,000,046 | ---- | C] () -- C:\Windows\QTW.INI

[2007-09-09 21:52:30 | 00,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2007-09-09 15:02:15 | 00,019,040 | ---- | C] () -- C:\Windows\System32\VRX1.DLL

[2007-09-09 15:02:14 | 00,027,136 | ---- | C] () -- C:\Windows\System32\VERMONT1.DLL

[2007-09-09 15:02:13 | 00,107,520 | ---- | C] () -- C:\Windows\System32\SIMFARM.DLL

[2007-09-09 13:33:25 | 00,002,019 | ---- | C] () -- C:\Windows\disney.ini

[2007-09-04 18:49:16 | 00,026,112 | ---- | C] () -- C:\Users\Diogo Moreira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007-08-23 17:13:00 | 00,000,025 | ---- | C] () -- C:\Windows\VSWizard.ini

[2007-05-26 16:49:22 | 00,000,673 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2007-05-26 16:25:51 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll

[2007-05-26 16:25:51 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll

[2007-03-29 22:00:40 | 00,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll

[2007-03-06 09:47:24 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2007-01-12 06:07:48 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2007-01-12 06:07:48 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006-11-02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

 

========== LOP Check ==========

 

[2007-12-08 01:10:15 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\Audacity

[2009-09-09 20:13:17 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\Dev-Cpp

[2008-09-14 02:35:40 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\DNA

[2009-11-10 01:58:06 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\FileZilla

[2008-09-06 00:47:46 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\FreeCall

[2009-08-26 00:18:47 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\GetRightToGo

[2008-09-24 16:44:06 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\LimeWire

[2009-07-20 23:25:44 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\MilkShape 3D 1.x.x

[2009-08-18 04:46:47 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\MyHeritage

[2007-08-24 13:12:59 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\Nokia

[2007-08-24 13:13:31 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\Nokia Multimedia Player

[2009-02-14 18:16:56 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\Notepad++

[2008-12-23 19:54:54 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\Opera

[2007-08-24 13:09:22 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\PC Suite

[2009-08-18 04:38:49 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\The Complete Genealogy Reporter - FTB

[2009-08-27 14:06:13 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\Unity

[2009-12-20 21:00:49 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\uTorrent

[2008-08-07 02:24:09 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\WinBatch

[2008-08-07 15:20:28 | 00,000,000 | ---D | M] -- C:\Users\Diogo Moreira\AppData\Roaming\XericDesign

[2009-08-04 17:45:55 | 00,000,000 | ---D | M] -- C:\Users\Gäst\AppData\Roaming\Opera

[2009-07-30 21:58:40 | 00,000,000 | ---D | M] -- C:\Users\Gäst\AppData\Roaming\PC Suite

[2009-09-13 12:21:04 | 00,000,000 | ---D | M] -- C:\Users\João Moreira\AppData\Roaming\Dev-Cpp

[2008-09-04 18:18:49 | 00,000,000 | ---D | M] -- C:\Users\João Moreira\AppData\Roaming\DNA

[2009-12-11 19:32:25 | 00,000,000 | ---D | M] -- C:\Users\João Moreira\AppData\Roaming\HiYo

[2009-06-19 20:11:31 | 00,000,000 | -H-D | M] -- C:\Users\João Moreira\AppData\Roaming\ijjigame

[2009-01-22 16:54:29 | 00,000,000 | ---D | M] -- C:\Users\João Moreira\AppData\Roaming\LimeWire

[2007-12-28 12:55:49 | 00,000,000 | ---D | M] -- C:\Users\João Moreira\AppData\Roaming\Nokia

[2009-08-09 23:29:00 | 00,000,000 | ---D | M] -- C:\Users\João Moreira\AppData\Roaming\Opera

[2007-08-24 20:04:20 | 00,000,000 | ---D | M] -- C:\Users\João Moreira\AppData\Roaming\PC Suite

[2008-08-07 21:14:27 | 00,000,000 | ---D | M] -- C:\Users\João Moreira\AppData\Roaming\XericDesign

[2008-09-04 08:13:20 | 00,000,000 | ---D | M] -- C:\Users\Maria Moreira\AppData\Roaming\DNA

[2009-11-16 20:10:19 | 00,000,000 | ---D | M] -- C:\Users\Maria Moreira\AppData\Roaming\LimeWire

[2007-10-28 17:15:31 | 00,000,000 | ---D | M] -- C:\Users\Maria Moreira\AppData\Roaming\PC Suite

[2008-06-27 19:15:01 | 00,000,000 | ---D | M] -- C:\Users\Maria Moreira\AppData\Roaming\PeerNetworking

[2008-12-08 18:06:35 | 00,000,000 | ---D | M] -- C:\Users\Maria Moreira\AppData\Roaming\SPORE Creature Creator

[2009-12-12 12:10:12 | 00,000,000 | ---D | M] -- C:\Users\Miguel Moreira\AppData\Roaming\PC Suite

[2009-08-27 18:53:56 | 00,000,000 | ---D | M] -- C:\Users\Nuno Moreira\AppData\Roaming\LimeWire

[2008-09-23 16:44:03 | 00,000,000 | ---D | M] -- C:\Users\Nuno Moreira\AppData\Roaming\Nokia

[2008-08-23 12:32:03 | 00,000,000 | ---D | M] -- C:\Users\Nuno Moreira\AppData\Roaming\PC Suite

[2009-12-23 18:28:44 | 00,000,000 | ---D | M] -- C:\Users\Nuno Moreira\AppData\Roaming\Unity

[2009-06-19 04:44:08 | 00,000,000 | ---D | M] -- C:\Users\Paulino Moreira\AppData\Roaming\LimeWire

[2007-08-25 04:29:39 | 00,000,000 | ---D | M] -- C:\Users\Paulino Moreira\AppData\Roaming\PC Suite

[2008-09-15 15:38:42 | 00,000,000 | ---D | M] -- C:\Users\Tiago Moreira\AppData\Roaming\DNA

[2009-06-20 13:49:16 | 00,000,000 | -H-D | M] -- C:\Users\Tiago Moreira\AppData\Roaming\ijjigame

[2009-08-06 14:07:08 | 00,000,000 | ---D | M] -- C:\Users\Tiago Moreira\AppData\Roaming\LimeWire

[2008-12-26 20:48:29 | 00,000,000 | ---D | M] -- C:\Users\Tiago Moreira\AppData\Roaming\Opera

[2007-08-24 19:10:31 | 00,000,000 | ---D | M] -- C:\Users\Tiago Moreira\AppData\Roaming\PC Suite

[2010-01-10 07:11:45 | 00,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010-01-10 07:45:00 | 00,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C317DACC-71D5-431E-8CDD-7C664B22605B}.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 64 bytes -> C:\Users\Diogo Moreira\--- Pistols - Anarchy in the UK (Studio Version).mpg:TOC.WMV

@Alternate Data Stream - 508 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

 

 

Extras.txt:

 

OTL Extras logfile created on: 2010-01-10 07:34:47 - Run 1

OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\Diogo Moreira\Desktop

Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16681)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 225,97 Gb Total Space | 17,76 Gb Free Space | 7,86% Space Free | Partition Type: NTFS

Drive D: | 6,91 Gb Total Space | 1,26 Gb Free Space | 18,25% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HEMDATORN

Current User Name: Diogo Moreira

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

 

[HKEY_USERS\S-1-5-21-316284770-1064195047-592160855-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{115887A6-A666-450C-8B71-6B87C11B0557}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

"{1F855F57-F4DF-4338-AD41-8311F7B756D1}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

"{20BB9B22-039B-40B4-999F-FD0FAC594802}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2A6B5DDF-612F-4593-B1C3-D46327248CCE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{647F3252-36A3-4AED-A010-E744A9AD0D34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6C11B80C-7A41-4C00-853A-12B6F8DDAA40}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{782C202A-EB7B-44A9-A724-29C91060DD40}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{79F9CDB2-565D-43B8-9364-F6A609DB8BA1}" = lport=23875 | protocol=17 | dir=in | name=bitcomet 23875 udp |

"{87E59933-AF59-4EA7-9D3C-52F74B8D5467}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

"{94DA2378-A56C-4488-9C12-C00190A6E08C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{96CD7EBE-A6A8-4FA9-BBAB-AA01F7458AFA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{9E691FA8-21EF-49EE-BF3B-263CB153D425}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

"{A5D7C439-DF5C-4D70-A12E-B3F468A89DBD}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

"{A87420C6-10EF-4644-8CC9-F8B6BE9918ED}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{AB3D9BF2-D12F-4AF5-84AF-28ECADAA7593}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{AD5908E1-6714-4F54-ADB8-3775B7CBC073}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{AF62A2C0-8A33-4413-952E-F77576C05FFC}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

"{B0175A82-90E5-4D0F-B4E2-A892575D11ED}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{B1558C20-0114-4684-A350-7FD6528863A0}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

"{B669A0DA-8715-4A8A-8446-73A740EDFCD6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{C617B06F-D3C5-4EA5-BFDB-CD4FC353E5EB}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{CDDA243E-DE38-4549-B690-11330128F36B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{CE48D8F7-9553-4032-991F-343C452FE412}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D8E5B3CA-8948-4CCB-98E9-0AEC43DF1E8A}" = lport=23875 | protocol=6 | dir=in | name=bitcomet 23875 tcp |

"{F142780E-6014-49BC-AF09-9FCB008F0559}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

"{F570CD31-1C82-42A3-A0CD-19DBBC22C202}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00877FA8-9D5C-449A-881C-B3CD015A5C99}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{0616A73A-8538-4743-9683-64ABA3769865}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |

"{11AD0596-8659-42A7-8180-B949495E47B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{1B262A85-71D6-4C58-B8A8-BB990A04AEDF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{22729031-37CF-4FDE-8F44-87519940A615}" = protocol=17 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |

"{24FCD4FF-5A50-46E8-9695-635BE87A2C1F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |

"{2561E435-7378-4512-9BD6-5C581460ADA4}" = protocol=17 | dir=in | app=c:\program files\codemasters\ebay motors grid demo\grid.exe |

"{25C77B8D-9C2C-4373-98DF-5513ABAEC9D3}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{297C3ED5-589E-431F-A0CE-FBBEFDDC2440}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |

"{3D94E7A4-387C-4030-9DB4-06B33BC17987}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{400AEB66-E9F7-4E2B-8892-D680F2EAA1DB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{471816D8-7812-4344-93F8-173CCA5A9B5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |

"{5B350E45-C685-4823-9DA2-22028BDFF90E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{68A848DA-9FE5-467C-B228-D5426CAB6D2C}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |

"{733ACD9A-A9C6-44ED-9DB4-65F556E676DA}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{74B206CF-25FB-4262-8443-FA0F8C0F68C1}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{74DE3BF7-86E1-4D95-B760-201930ABEA32}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{83C8BEE0-D7E9-4686-9468-BD2A9ED5B2B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{86A0E401-FC79-430C-B963-46D47A8CADF3}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |

"{9476AA0E-0F22-4D1E-AE96-27ED4E5FF9AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{997D61D7-E337-495E-A516-DDCC682B1E7C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{ADD2CB0E-00F7-42F3-9649-9C6F5734F7AD}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |

"{B17A003D-D6A0-4404-85C6-F6B383844D2F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{B3564C90-99EC-4D16-91F4-A28887502DFE}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |

"{B4EF61D5-4BC0-4CBD-B1A6-6910A7F95287}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |

"{B94465F0-5FC5-42C0-A91E-827042F58669}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |

"{BC72FC7C-77AC-4102-B317-A651F142A421}" = protocol=6 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe |

"{C2A15EFE-21E3-4FC5-9673-F530E56AFA3F}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |

"{C9962762-0E1F-4086-886F-4F388573A90D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{DF212704-45FD-4A3F-9D1B-88B62599CA4C}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |

"{E8A22795-4BC9-4E11-BFEA-096E254484C6}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |

"{EBC6EF54-04AD-4FBC-A18D-38E8EA10E458}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{EC59250A-54E8-441A-9657-C4A13E2A9DD5}" = protocol=6 | dir=in | app=c:\program files\codemasters\ebay motors grid demo\grid.exe |

"{FE3D7512-837F-4F75-A4E2-B107C52945B7}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |

"TCP Query User{012AA07F-206E-48EE-8DB5-A248DC7FBA75}C:\program files\apache software foundation\apache2.2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\apache software foundation\apache2.2\bin\httpd.exe |

"TCP Query User{2282FDE9-2E3B-412F-89F9-49F977B36CC6}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |

"TCP Query User{2BC2C832-4CD7-47E9-A123-381241409104}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{31D463F5-9791-4352-B2F2-F931E3056948}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{377646B3-0670-4FA1-9548-DA2C7DF80A56}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{46199084-5A8E-43F0-9F61-FF452B1CD25E}C:\program files\activision\mat hoffman's pro bmx\bmx.exe" = protocol=6 | dir=in | app=c:\program files\activision\mat hoffman's pro bmx\bmx.exe |

"TCP Query User{5A20E7EB-713A-4230-BF01-64978DA4FE19}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |

"TCP Query User{5DF37610-DB71-4250-9DE3-1AC77681DB3B}C:\program files\softnyx\rakion\bin\rakion.bin" = protocol=6 | dir=in | app=c:\program files\softnyx\rakion\bin\rakion.bin |

"TCP Query User{8795A830-A9D0-4616-BEA3-48A21378B45F}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe |

"TCP Query User{8CC30C91-2528-4587-BBFF-312225BD4099}C:\program files\bots\bots.dat" = protocol=6 | dir=in | app=c:\program files\bots\bots.dat |

"TCP Query User{B18B366C-ED6B-454F-9A23-A2B8CA7E2D6A}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

"TCP Query User{B68A4795-56C4-4286-B52F-84018C13D2C0}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

"TCP Query User{B7590A5D-335F-4562-860A-17C98715BA50}C:\users\maria moreira\appdata\local\virtualstore\program files\bots\bots.dat" = protocol=6 | dir=in | app=c:\users\maria moreira\appdata\local\virtualstore\program files\bots\bots.dat |

"TCP Query User{C31DD662-7F0E-475C-9233-2EC97C37E228}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |

"TCP Query User{DBFE6BED-9C87-4648-8172-3968DEE303FE}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |

"TCP Query User{F89280D3-3F8D-41BF-B57A-742B7CD3EAD0}C:\program files\google\google sketchup 6\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 6\sketchup.exe |

"UDP Query User{07E33FAC-845A-4DC5-8CA5-D3E6002626E2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{0C83855C-FAA8-4AB9-859A-56EF8738700E}C:\program files\activision\mat hoffman's pro bmx\bmx.exe" = protocol=17 | dir=in | app=c:\program files\activision\mat hoffman's pro bmx\bmx.exe |

"UDP Query User{19DB30AC-C9D5-4058-9208-25FBC2FAE46B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{1BC670FC-00E6-4A79-A5F8-FC19A4C53C5C}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

"UDP Query User{263E586F-31E1-4B53-9E0A-8BEB77F697CF}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |

"UDP Query User{2B486FFE-8AC9-4953-BB50-5337BE6FAF6E}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |

"UDP Query User{30BDC1EE-F546-46A9-97CF-A0970971CD7D}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |

"UDP Query User{31AB5F89-F3E3-4949-8216-57846C5AEA69}C:\program files\apache software foundation\apache2.2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\apache software foundation\apache2.2\bin\httpd.exe |

"UDP Query User{3ECE0100-1B8F-4C11-BEE0-B01C3928B52F}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{3F39EEDF-8987-4F2B-A8AE-3D6E6F98E9C6}C:\users\maria moreira\appdata\local\virtualstore\program files\bots\bots.dat" = protocol=17 | dir=in | app=c:\users\maria moreira\appdata\local\virtualstore\program files\bots\bots.dat |

"UDP Query User{4767F644-507B-493A-87B2-3C6B3835AD3E}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |

"UDP Query User{57AE5FB2-628E-4522-9AA5-C2221F657D40}C:\program files\bots\bots.dat" = protocol=17 | dir=in | app=c:\program files\bots\bots.dat |

"UDP Query User{994E343F-9E3E-4F59-9E7C-CCA694FF3C42}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

"UDP Query User{CEB89536-30BC-4EA2-B953-A0115ABF0545}C:\program files\google\google sketchup 6\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 6\sketchup.exe |

"UDP Query User{F1699B19-165C-4A85-A857-69CF1CB7CB0F}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe |

"UDP Query User{FFEFBA98-8348-4A85-AC09-3835CF55E22F}C:\program files\softnyx\rakion\bin\rakion.bin" = protocol=17 | dir=in | app=c:\program files\softnyx\rakion\bin\rakion.bin |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 Studentliv

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08A247F5-E34F-4D17-8731-0906DF56947E}" = Windows Live Sync

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Peter Jackson's King Kong - The Official Game of the Movie

"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver

"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive

"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6

"{14FB2C18-CFC1-4DF4-A9CF-BAD3CCB5AAFD}" = Windows Live Toolbar

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1A8BAA46-1179-4743-B00E-51B794A018B0}" = Windows Live Writer

"{1BC4026B-1957-4514-9058-2B542557F143}" = Opera 9.63

"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer

"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play

"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims™ 2 Djurliv

"{4C964B9E-F8B0-4E60-8D1D-392CD77FA6F9}" = RagnarokOnline-Valkyrie

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{54A90A9E-E537-11DE-811A-005056806466}" = Google Earth Plug-in

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{623446F8-D2D4-4942-9CA2-9D71ED8B24E9}" = Football Generation

"{65F6D25C-2B2B-4673-A81D-E7D7D72B29E4}" = Windows Live Family Safety

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0

"{6B30FB1E-9F4A-49BA-9D74-174F1ECEB59D}" = Windows Live inloggningsassistenten

"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Arbetsliv

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.8

"{8626171E-41C9-47D2-A24A-FF6231E4F688}" = eBay Motors GRID Demo

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8AA037A8-E104-493A-A962-8D58535A0198}" = MySQL Server 5.0

"{8BA42EAE-19AD-4bf2-88C0-0232B1FBFDE2}" = Microsoft Works

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{9085041D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter and the Goblet of Fire™

"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6

"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution

"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = The Sims Makin' Magic

"{9BBE7AA1-AFA8-4D76-8FC2-1FDFD9BD3371}" = Windows Live Mail

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{A1288842-D600-453F-B61F-6C2AA3D6A528}" = Ragnarok Online

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis

"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter and the Prisoner of Azkaban

"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1053-7B44-A81200000003}" = Adobe Reader 8.1.2 - Svenska

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers

"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Livet i lägenhet

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C3FE3DD5-92E1-4EC3-BD6B-822DD99E8991}" = Windows Live Photo Gallery

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{CFB8F552-804D-4A8E-00AD-F5A5671C82EF}" = Harry Potter II - Demo 1

"{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}" = VP6 Decoder

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D17D8B97-F937-432F-88BD-382727D34441}" = EuropeMapleStory

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Året runt

"{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}" = Rappelz_USA

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E31AC44E-2171-4BDF-AB11-B73FA70B7560}" = Adobe Setup

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E8A23C59-0C28-4ADD-A29B-E2DEC3D72D81}" = Adobe Dreamweaver CS3

"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters

"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nattliv

"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter och Halvblodsprinsen™

"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

"{FF4F668A-E199-431A-8D93-B2FD14FE3C5C}" = Windows Live Movie Maker

"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-drivrutinspaket - Nokia Modem (02/15/2007 3.1)

"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-drivrutinspaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_b3cfa559ce37a120d439ea67f79a7a9" = Adobe Dreamweaver CS3

"AhnLab Online Security" = AhnLab Online Security

"avast!" = avast! Antivirus

"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-drivrutinspaket - Nokia Modem (02/15/2007 3.1)

"BOTS Uninstall" = BOTS Uninstall

"CABAL Online (Europe)_is1" = CABAL Online

"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-drivrutinspaket - Nokia Modem (05/24/2007 6.84.0.1)

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52

"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.10.04.00)

"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)

"EarthDesk" = EarthDesk

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.02

"Family Tree Builder" = MyHeritage Family Tree Builder

"FileZilla Client" = FileZilla Client 3.3.0

"Fraps" = Fraps (remove only)

"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.4

"FreeCall_is1" = FreeCall

"Gunz" = ijji - Gunz

"HijackThis" = HijackThis 2.0.2

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"InstallShield_{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis

"LastFM_is1" = Last.fm 1.5.4.24567

"LimeWire" = LimeWire 4.16.6

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Maestro-K34P-5STG-T7VR4V71LIZJ" = Gustaf - LÄSNING 6-7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mat Hoffman's Pro BMX" = Mat Hoffman's Pro BMX

"McDonald's Dragons " = McDonald's Dragons

"MediaCoder" = MediaCoder 0.6.0

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4

"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

"MV RegClean 5.9_is1" = MV RegClean 5.9

"Nokia PC Suite" = Nokia PC Suite

"Notepad++" = Notepad++

"NVIDIA Drivers" = NVIDIA Drivers

"OpenAL" = OpenAL

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"Pet Soccer" = Pet Soccer

"RealPlayer 6.0" = RealPlayer

"SimCity2000CDv1" = SimCity 2000® Special Edition

"SimPE_is1" = SimPE 0.72 (alpha)

"SolidStateIONIE" = Solid State ION Internet Explorer Plugin

"UnityWebPlayer" = Unity Web Player

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"VLC media player" = VLC media player 0.9.6

 

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-316284770-1064195047-592160855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"ijji.com" = ijji
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2008-12-20 16:48:49 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Diogo Moreira\Contacts\anamoreira45@hotmail.com\contactcoll.cache failed,
000005AD.

Error - 2008-12-20 17:36:53 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Diogo Moreira\Contacts\anamoreira45@hotmail.com\contactcoll.cache failed,
000005AD.

Error - 2008-12-20 17:38:10 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Diogo Moreira\AppData\Local\Microsoft\Messenger\anamoreira45@hotmail.com\SharingMetadata\Working\database_AC8C_DAD9_8CDA_9D60\dfsr.db
failed, 000005AD.

Error - 2008-12-20 17:38:12 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Diogo Moreira\AppData\Local\Microsoft\Messenger\anamoreira45@hotmail.com\SharingMetadata\Working\database_AC8C_DAD9_8CDA_9D60\dfsr.db
failed, 000005AD.

Error - 2008-12-20 17:38:12 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Diogo Moreira\AppData\Local\Microsoft\Messenger\anamoreira45@hotmail.com\SharingMetadata\Working\database_AC8C_DAD9_8CDA_9D60\dfsr.db
failed, 000005AD.

Error - 2008-12-20 17:38:12 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Diogo Moreira\AppData\Local\Microsoft\Messenger\anamoreira45@hotmail.com\SharingMetadata\Working\database_AC8C_DAD9_8CDA_9D60\dfsr.db
failed, 000005AD.

Error - 2008-12-20 17:39:15 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Diogo Moreira\AppData\Local\Microsoft\Messenger\anamoreira45@hotmail.com\SharingMetadata\anairia_20@hotmail.com\DFSR\Staging\CS{BC21811C-F29F-CAF8-DE99-53D9C8C443CB}\72\720-{F8C895C5-FCB7-40E6-8833-B86E42331710}-v272-{9023788D-A329-4CB1-BD1A-EFCC11CB943D}-v720-Downloading.frx
failed, 000005AD.

Error - 2009-04-08 02:05:20 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 2009-04-08 03:58:43 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Setup.exe failed, 00000015.

Error - 2009-06-24 15:02:22 | Computer Name = Hemdatorn | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL failed, 00000005.

[ Application Events ]
Error - 2010-01-09 10:38:39 | Computer Name = Hemdatorn | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2010-01-09 10:38:48 | Computer Name = Hemdatorn | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2010-01-09 10:38:54 | Computer Name = Hemdatorn | Source = WerSvc | ID = 5007
Description =

Error - 2010-01-09 11:06:25 | Computer Name = Hemdatorn | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2010-01-09 20:27:15 | Computer Name = Hemdatorn | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2010-01-09 20:40:48 | Computer Name = Hemdatorn | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2010-01-10 02:13:26 | Computer Name = Hemdatorn | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2010-01-10 02:13:44 | Computer Name = Hemdatorn | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2010-01-10 02:19:59 | Computer Name = Hemdatorn | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2010-01-10 02:39:24 | Computer Name = Hemdatorn | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]

Error - 2008-12-02 17:41:37 | Computer Name = Hemdatorn | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 35

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2009-06-29 08:44:38 | Computer Name = Hemdatorn | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2009-06-29 08:45:01 | Computer Name = Hemdatorn | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 0

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2009-06-29 08:45:18 | Computer Name = Hemdatorn | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 2009-10-22 02:44:26 | Computer Name = Hemdatorn | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 2010-01-09 10:44:11 | Computer Name = Hemdatorn | Source = DCOM | ID = 10010

Description =

 

Error - 2010-01-09 10:54:55 | Computer Name = Hemdatorn | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

Error - 2010-01-10 02:12:37 | Computer Name = Hemdatorn | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 9, funktion

0. Kontakta återförsäljaren för teknisk support.

 

Error - 2010-01-10 02:12:37 | Computer Name = Hemdatorn | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 11, funktion

0. Kontakta återförsäljaren för teknisk support.

 

Error - 2010-01-10 02:12:38 | Computer Name = Hemdatorn | Source = Application Popup | ID = 875

Description = Drivrutinen sfvfs02.sys har blockerats för inläsning

 

Error - 2010-01-10 02:14:44 | Computer Name = Hemdatorn | Source = Service Control Manager | ID = 7000

Description =

 

Error - 2010-01-10 02:14:44 | Computer Name = Hemdatorn | Source = Service Control Manager | ID = 7000

Description =

 

Error - 2010-01-10 02:14:44 | Computer Name = Hemdatorn | Source = Service Control Manager | ID = 7026

Description =

 

Error - 2010-01-10 02:19:31 | Computer Name = Hemdatorn | Source = DCOM | ID = 10010

Description =

 

Error - 2010-01-10 02:29:01 | Computer Name = Hemdatorn | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

 

< End of report >

 

And the Malwarebytes log:

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3531

Windows 6.0.6000

Internet Explorer 7.0.6000.16681

 

2010-01-10 07:10:02

mbam-log-2010-01-10 (07-10-02).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 604568

Tempo decorrido: 7 hour(s), 54 minute(s), 39 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registo infectadas: 49

Valores do Registo infectados: 1

Ítens do Registo infectados: 0

Pastas infectadas: 16

Ficheiros infectados: 179

 

Processos da Memória infectados:

(Nenhum item malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum item malicioso foi detectado)

 

Chaves do Registo infectadas:

HKEY_CLASSES_ROOT\browsingenhancer.browserwatcher (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\browsingenhancer.browserwatcher.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\browsingenhancer.---pro_bho (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\browsingenhancer.---pro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\browsingenhancer.precachebrowserhost (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\browsingenhancer.precachebrowserhost.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingenhancer (Adware.PLayMP3z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.dll (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

 

Valores do Registo infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Ítens do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Pastas infectadas:

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Program Files\A360 (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.

C:\Program Files\BrowsingEnhancer (Adware.PLayMP3z) -> Quarantined and deleted successfully.

C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

C:\Users\Tiago Moreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

 

Ficheiros infectados:

C:\Windows\System32\sshnas.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\563.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\434.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\466.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\175.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\584.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\616.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\627.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\660.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\820.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\867.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\877.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Local\Temp\a.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Paulino Moreira\AppData\Local\Temp\130.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Paulino Moreira\AppData\Local\Temp\301.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Paulino Moreira\AppData\Local\Temp\949.exe (Worm.Autorun) -> Quarantined and deleted successfully.

C:\Users\Tiago Moreira\AppData\Local\Temp\upd5F74.tmp.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Users\Tiago Moreira\AppData\Local\Temp\tem9257.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Tiago Moreira\AppData\Local\Temp\temFABB.tmp.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Windows\Temp\TMP000000026EE9B04737F65099 (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

C:\Users\Diogo Moreira\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.

Thanks!


Hello _The_Punk_Rocker_, Digram had to step away, so I will be taking over the case from here on.

• Run OTL.exe.

• Copy the information in the quote into the tool's clipboard field (Custom Scans/Fixes).

 

:files

C:\found.002

C:\found.001

C:\Windows\tasks\User_Feed_Synchronization-{C317DACC-71D5-431E-8CDD-7C664B22605B}.job

 

:otl

O4 - HKLM..\Run: [] File not found

O33 - MountPoints2\{d84ef5ce-645c-11dd-98b7-001bfc68f30a}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

O33 - MountPoints2\{d84ef5ce-645c-11dd-98b7-001bfc68f30a}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhx32.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

:Commands

[resethosts]

[purity]

[emptytemp]

[Reboot]

 

• Click the Run Fix button --> Wait for it to finish!

• When it finishes, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!

Right after that, use UsbFix according to this link

Regards


Sorry for making another double post (the edit button has disappeared again...), but after I pasted that piece of text into Custom Scans/Fixes and clicked Run Fix, the computer has now been running it for more than 10 hours. Down in the bar it says:

"Moving C:\found.002..."

What should I do? I am currently accessing the forum from a school computer.


Please use only UsbFix for now.


Yes, close it.


Done, USBFix has been run. What should I do next?

PS. In case this means anything, there are some unknown files on the PC and on my desktop; I think they are from OTL when it froze. Well, I just wanted to mention that. Thanks in advance.


You forgot to post the UsbFix log.


Ah, so I was supposed to post it too. xD Here it is:

 

 

############################## | UsbFix V6.073 |

 

User : Diogo Moreira (Administratörer) # HEMDATORN

Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8

Start at: 22:59:22 | 2010-01-13

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Athlon 64 Processor 3800+

Microsoft® Windows Vista™ Home Basic (6.0.6000 32-bit) #

Internet Explorer 7.0.6000.16681

Windows Firewall Status : Enabled

 

C:\ -> Local Fixed Disk # 225,97 Go (17,72 Go free) [HP] # NTFS

D:\ -> Local Fixed Disk # 6,91 Go (1,26 Go free) [Recovery] # NTFS

E:\ -> CD-ROM Disc

F:\ -> Removable Disk

G:\ -> Removable Disk

H:\ -> Removable Disk

I:\ -> Removable Disk

J:\ -> CD-ROM Disc

K:\ -> CD-ROM Disc

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Users\DIOGOM~1\AppData\Local\Temp\7z462.exe

Supprimido ! C:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1000

Supprimido ! C:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1001

Supprimido ! C:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1002

Supprimido ! C:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1003

Supprimido ! C:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1004

Supprimido ! C:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1007

Supprimido ! C:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1010

Supprimido ! C:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-501

Supprimido ! C:\Recycler\S-1-5-21-7384633042-2799546192-140258171-0972

Supprimido ! D:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1000

Supprimido ! D:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1001

Supprimido ! D:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1002

Supprimido ! D:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1003

Supprimido ! D:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1004

Supprimido ! D:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1007

Supprimido ! D:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-1010

Supprimido ! D:\$Recycle.Bin\S-1-5-21-316284770-1064195047-592160855-501

 

################## | Registro # Chaves infectieuses |

 

 

################## | Registro # Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{d84ef5ce-645c-11dd-98b7-001bfc68f30a}\Shell\AutoRun\Command

 

################## | Listing |

 

[2007-05-26 17:05|--a------|74] C:\autoexec.bat

[2006-11-02 10:53|-rahs----|438840] C:\bootmgr

[2007-05-27 02:00|-ra-s----|8192] C:\BOOTSECT.BAK

[2006-09-18 22:43|--a------|10] C:\config.sys

[?|?|?] C:\hiberfil.sys

[2008-02-01 16:02|--a------|3477184] C:\Identity live at the Roxy.mp3

[2009-03-08 19:49|--a------|378] C:\ijjiFFPlugin.log

[2007-09-09 13:33|-rahs----|0] C:\IO.SYS

[2007-09-09 13:33|-rahs----|0] C:\MSDOS.SYS

[?|?|?] C:\pagefile.sys

[2007-05-26 16:44|--a------|471] C:\RHDSetup.log

[2008-12-06 00:04|--a------|594] C:\updatedatfix.log

[2010-01-13 23:11|--a------|5334] C:\UsbFix.txt

[2006-10-04 00:02|--ahs----|438328] D:\boo.mgr

[2006-11-02 00:53|--ahs----|438840] D:\bootmgr

[2006-10-13 15:00|--ahs----|1322] D:\Desktop.ini

[2007-05-27 05:04|--ahs----|277] D:\MASTER.LOG

[2007-08-23 16:12|---hs----|429] D:\pcdr.ini

[2004-11-22 15:28|--ahs----|181648] D:\Protect.ed

[2007-05-27 04:59|--ahs----|45] D:\RESTORE.INI

[2007-02-07 14:56|--ahs----|34] D:\SystemRecovery.txt

 

################## | Vaccinação |

 

# C:\autorun.inf -> Folder criado por UsbFix.

# D:\autorun.inf -> Folder criado por UsbFix.

 

################## | Crack > Keygen > Serial |

 

"C:\Users\Diogo Moreira\Documents\Downloads\Harry Potter - Order of Pheonix\Crack\hatred.exe"

2008-10-26 17:52 |Size 163840 |Crc32 7ca0e64b |Md5 0ffe2291a6d819a89856decba1c8cf19

 

"C:\Users\Diogo Moreira\Documents\Downloads\Harry Potter - Order of Pheonix\Crack\hp.exe"

2008-10-26 17:59 |Size 5427200 |Crc32 ff992a6d |Md5 4c852b5e46484b5600c309b3867afc9e

 

"C:\Users\Diogo Moreira\Documents\Downloads\Harry Potter - Order of Pheonix\Crack\keygen.exe"

2008-10-26 17:36 |Size 81920 |Crc32 3bf916c6 |Md5 9b33d67e6d3b1527984be37c5576ecbf

 

"C:\UsbFix\Quarantine\C\$RECYCLE.BIN\S-1-5-21-316284770-1064195047-592160855-1000.UsbFix\$RVPQOJO.org]\C U R A\Crack&Mini.Image.rar"

-> contain : Crack\Sims2.exe

 

 

################## | ! Fim do relatório # UsbFix V6.073 ! |


Download ComboFix from one of these locations:

Link 1.

Link 2.

Link 3.

Important!

You should not use ComboFix unless you have been instructed to do so by a security analyst.

Its creator intends it to be used under the guidance and supervision of an expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system.

Make sure you have saved ComboFix.exe to your desktop.

• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.

• Double-click ComboFix.exe & follow the instructions.

• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections as they are today, it is strongly recommended to have it pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will make it easier for us to help you should your computer have a problem after a malware removal attempt.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

[Image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you should see the following message:

[Image: whatnext.png]

Click Yes to continue the malware scan.

When it finishes, it should produce a log for you. Post the ComboFix report, which will be at C:\ComboFix.txt, along with a HijackThis log.


Ah, this is strange... my PC had only 17 GB of free space and now, after the scan, it has 40 GB. :huh: And a new Internet Explorer icon appeared on my desktop. Here are the logs:

 

ComboFix:

 

ComboFix 10-01-14.01 - Diogo Moreira 2010-01-14 21:19:10.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.351.1053.18.2942.2061 [GMT 1:00]

Executando de: c:\users\Diogo Moreira\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Miguel Moreira\autorun.inf

c:\users\Tiago Moreira\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat

c:\windows\system32\twain_32.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-15 to 2010-01-15 ))))))))))))))))))))))))))))

.

 

2010-01-15 06:39 . 2010-01-15 07:16 -------- d-----w- c:\users\Diogo Moreira\AppData\Local\temp

2010-01-15 06:39 . 2010-01-15 06:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-15 06:39 . 2010-01-15 06:39 -------- d-----w- c:\users\Paulino Moreira\AppData\Local\temp

2010-01-15 06:39 . 2010-01-15 06:39 -------- d-----w- c:\users\Nuno Moreira\AppData\Local\temp

2010-01-15 06:39 . 2010-01-15 06:39 -------- d-----w- c:\users\Miguel Moreira\AppData\Local\temp

2010-01-15 06:39 . 2010-01-15 06:39 -------- d-----w- c:\users\Maria Moreira\AppData\Local\temp

2010-01-15 06:39 . 2010-01-15 06:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2010-01-15 06:39 . 2010-01-15 06:39 -------- d-----w- c:\users\Tiago Moreira\AppData\Local\temp

2010-01-13 21:56 . 2010-01-13 22:58 -------- d-----w- C:\UsbFix

2010-01-12 22:04 . 2010-01-12 22:04 -------- d-----w- C:\_OTL

2010-01-08 03:49 . 2010-01-08 03:49 -------- d-----w- c:\users\Diogo Moreira\AppData\Roaming\Malwarebytes

2010-01-08 03:49 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 03:49 . 2010-01-08 03:49 -------- d-----w- c:\programdata\Malwarebytes

2010-01-08 03:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-08 03:49 . 2010-01-09 16:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-31 12:13 . 2009-12-31 12:13 -------- d-----w- c:\program files\Trend Micro

2009-12-28 21:49 . 2009-12-28 21:49 -------- d-----w- c:\program files\Marcos Velasco Security

2009-12-24 13:25 . 2009-12-24 13:25 -------- d-----w- c:\users\Miguel Moreira\5DB65884C9634454AABA4CA3089281FA.TMP

2009-12-24 13:11 . 2009-09-17 10:35 -------- d-----w- c:\users\Miguel Moreira\Support

2009-12-24 13:11 . 2009-09-16 11:19 7887120 ----a-w- c:\users\Miguel Moreira\shiftdemo.exe

2009-12-24 13:11 . 2009-09-17 10:35 -------- d-----w- c:\users\Miguel Moreira\Redistributable

2009-12-24 13:11 . 2009-09-17 10:35 -------- d-----w- c:\users\Miguel Moreira\PhysX

2009-12-24 13:08 . 2009-09-17 10:34 -------- d-----w- c:\users\Miguel Moreira\Pakfiles

2009-12-24 13:07 . 2009-08-24 15:46 1688848 ----a-r- c:\users\Miguel Moreira\GDFBinary.dll

2009-12-24 13:07 . 2009-08-28 08:20 423184 ----a-w- c:\users\Miguel Moreira\EASetup.exe

2009-12-24 13:06 . 2009-09-17 10:35 -------- d-----w- c:\users\Miguel Moreira\DirectX

2009-12-24 13:06 . 2009-07-29 09:55 419088 ----a-w- c:\users\Miguel Moreira\AutoRun.exe

2009-12-24 13:06 . 2009-09-17 10:35 -------- d-----w- c:\users\Miguel Moreira\Autorun

2009-12-24 13:06 . 2009-09-17 09:31 10810880 ----a-r- c:\users\Miguel Moreira\autorun.dat

2009-12-23 17:28 . 2009-12-23 17:28 -------- d-----w- c:\users\Nuno Moreira\AppData\Roaming\Unity

2009-12-23 17:25 . 2009-12-23 17:25 -------- d-----w- c:\users\Nuno Moreira\AppData\Local\Unity

2009-12-20 04:27 . 2009-12-20 04:27 -------- d-----w- c:\program files\Gravity

2009-12-18 17:19 . 2009-12-18 17:19 -------- d-----w- c:\users\Miguel Moreira\AppData\Local\Apple

2009-12-17 13:29 . 2010-01-12 22:09 -------- d-----w- C:\found.002

2009-12-16 19:10 . 2009-12-16 19:10 -------- d-----w- C:\found.001

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-01 08:16 . 2007-10-28 16:16 126112 ----a-w- c:\users\Maria Moreira\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-30 05:24 . 2007-08-23 16:19 126112 ----a-w- c:\users\Paulino Moreira\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-29 17:58 . 2007-08-23 15:15 126112 ----a-w- c:\users\Diogo Moreira\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-29 17:05 . 2008-08-23 11:33 126112 ----a-w- c:\users\Nuno Moreira\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-29 15:27 . 2009-12-12 11:10 126112 ----a-w- c:\users\Miguel Moreira\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-29 13:32 . 2009-07-11 06:57 126112 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-12-29 13:32 . 2007-08-23 16:38 8224 ----a-w- c:\users\Tiago Moreira\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-24 06:07 . 2007-05-26 15:44 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-24 05:20 . 2009-08-24 21:50 -------- d-----w- c:\program files\Guild Wars

2009-12-24 05:19 . 2007-09-07 16:16 -------- d-----w- c:\program files\BitComet

2009-12-20 20:00 . 2008-01-26 00:34 -------- d-----w- c:\users\Diogo Moreira\AppData\Roaming\uTorrent

2009-12-20 04:44 . 2007-08-23 17:25 -------- d-----w- c:\program files\Java

2009-12-19 03:49 . 2008-10-26 02:27 -------- d-----w- c:\programdata\Microsoft Help

2009-12-12 11:10 . 2009-12-12 11:10 -------- d-----w- c:\users\Miguel Moreira\AppData\Roaming\PC Suite

2009-12-12 11:01 . 2007-08-23 14:55 8224 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-11 13:44 . 2008-05-23 15:21 -------- d-----w- c:\program files\Football Generation

2009-12-10 19:19 . 2008-11-07 00:17 -------- d-----w- c:\program files\FirstClass

2009-12-06 23:51 . 2009-12-06 23:48 69 ----a-w- c:\users\Diogo Moreira\jagex_runescape_preferences2.dat

2009-12-06 23:48 . 2008-11-15 02:22 39 ----a-w- c:\users\Diogo Moreira\jagex_runescape_preferences.dat

2009-11-24 23:54 . 2007-11-19 19:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-24 23:50 . 2008-04-01 18:17 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-24 23:50 . 2008-04-01 18:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-24 23:49 . 2007-11-19 19:32 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-11-24 23:49 . 2007-11-19 19:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-24 23:48 . 2007-11-19 19:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-24 23:47 . 2007-11-19 19:32 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-22 16:12 . 2007-05-27 00:59 90558 ----a-w- c:\windows\system32\perfc01D.dat

2009-11-22 16:12 . 2007-05-27 00:59 479168 ----a-w- c:\windows\system32\perfh01D.dat

2009-11-16 19:10 . 2008-04-26 15:20 -------- d-----w- c:\users\Maria Moreira\AppData\Roaming\LimeWire

2009-11-02 19:42 . 2009-10-04 00:21 195456 ------w- c:\windows\system32\MpSigStub.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

 

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]

[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]

2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

 

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

 

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]

"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2008-09-01 9109296]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-19 2356088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-26 1006264]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-26 185896]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2007-12-18 90112]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"Family Tree Builder Update"="c:\myheritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

 

c:\users\Tiago Moreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2007-8-24 106496]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-1-18 41041]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-01 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-01 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-11-19 53328]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2007-09-09 685816]

S2 gupdate1c95234997d78cf;Google Update Service (gupdate1c95234997d78cf);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-29 133104]

S3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-01-18 24635]

S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [2009-07-21 12672]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-11-06 54632]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2kfNT.sys [2009-05-03 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2Nadr.sys [2009-05-03 79104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 V0260VID;Live! Cam Vista IM;c:\windows\System32\drivers\V0260Vid.sys [2008-10-04 154560]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-29 15:22]

 

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-29 15:22]

 

2007-10-22 c:\windows\Tasks\HPCeeScheduleForDiogo Moreira.job

- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-05-26 09:56]

 

2010-01-15 c:\windows\Tasks\User_Feed_Synchronization-{C317DACC-71D5-431E-8CDD-7C664B22605B}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Diogo Moreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

FF - ProfilePath - c:\users\Diogo Moreira\AppData\Roaming\Mozilla\Firefox\Profiles\jh2fjusv.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

AddRemove-ijji.com - c:\ijji\ENGLISH\ijjiUninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-15 08:16

Windows 6.0.6000 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Tempo para conclusão: 2010-01-15 08:29:43

ComboFix-quarantined-files.txt 2010-01-15 07:27

 

Pré-execução: 19 324 477 440 byte ledigt

Pós execução: 35 130 245 120 byte ledigt

 

- - End Of File - - 85AF2DA44D0A9C8271457406343C9145

 

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:01:54, on 2010-01-15

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Safe mode

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Diogo Moreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206480373480

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c95234997d78cf) (gupdate1c95234997d78cf) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 11306 bytes


• Download: ToolBar S&D < http://eric.71.mespages.googlepages.com/ToolBarSD.exe >

• Save it on Local Disk C, in a folder of its own.

• Restart the computer in Safe Mode. <-- Important!

• Run the program, then press "p" --> Enter --> Ok.

• Type two ( 2 ) --> press Enter --> wait!

• When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt )


Here it is:

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft® Windows Vista™ Home Basic ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : AMD Athlon 64 Processor 3800+ )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : Diogo Moreira ( Not Administrator ! )

BOOT : Fail-safe boot

C:\ (Local Disk) - NTFS - Total:225 Go (Free:42 Go)

D:\ (Local Disk) - NTFS - Total:6 Go (Free:1 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

J:\ (CD or DVD)

K:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( 2010-01-15|21:07 )

 

[ UAC => 0 ]

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\Users\DIOGOM~1\AppData\Roaming\Microsoft\Windows\Recent\SimCity 4 Deluxe + Crack.lnk

C:\Users\DIOGOM~1\AppData\Roaming\Microsoft\Windows\Recent\SimCity_4_Deluxe_w__Crack___Serial.3835360.TPB [mininova].lnk

C:\Users\DIOGOM~1\Documents\Downloads\Harry Potter - Order of Pheonix\Crack

C:\Users\DIOGOM~1\Documents\Downloads\Harry Potter - Order of Pheonix\Crack\hatred.exe

C:\Users\DIOGOM~1\Documents\Downloads\Harry Potter - Order of Pheonix\Crack\hp.exe

C:\Users\DIOGOM~1\Documents\Downloads\Harry Potter - Order of Pheonix\Crack\keygen.exe

C:\Users\DIOGOM~1\Documents\Downloads\Harry Potter - Order of Pheonix\Crack\xinput1_3.dll

C:\Users\DIOGOM~1\Downloads\SimCity 4 Deluxe + Crack.zip

C:\Users\DIOGOM~1\Downloads\SimCity_4_Deluxe_w__Crack___Serial.3835360.TPB [mininova].torrent

 

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 2010-01-15|21:10 - Option : [2]


Go to this site:

http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1261360413531

Click on [image: Clipboard01-1.jpg]

Follow the scanner configuration instructions as shown in the image below.

[image: kosjn0.gif]

Post the scan log right here in the thread.


Hm, when I get to the part where it downloads things, it says:

"Launch of the Java application is interrupted! PLease establish an uninterrupted Internet connection for work with this program."

I've already tried three times... :/
