
Archived

This topic has been archived and is closed to new replies.

frederico ventura

[Archived] Trojan horse Generic 15.azym


Friends, does anyone know how I can get rid of this trojan? A warning message about this trojan, "Trojan horse 15.AZYM", keeps popping up in my AVG. How can I remove it??? I think it is associated with a file of the svchost.exe type, because these are multiplying.

Can anyone help me? Thank you.

Frederico

---------------

---------------

My dear António, your attention to my case pleased me immensely.

Let me say right away that my experience with computers is not that great, but I will do my best with your requests to see if we can solve my problem.

So here it is: the antivirus installed on my PC is AVG. Since Monday I have started receiving warnings from AVG's resident protection informing me of a threat described as "Trojan horse Generic15.AZYM", which it immediately moved to quarantine. Given this, I set AVG to scan the whole PC, and the result was negative, i.e. it did not find any kind of threat. I have a program, Spybot - Search & Destroy, which I also set to scan. The result was the same, i.e. nothing detected.

What is certain is that the messages from AVG's resident protection kept appearing. It was my son who, on noticing the message, told me he already knew it from other friends and that it would be related to the Windows file svchost.exe. When we went to look at this file there were already 3 of them there... we tried to delete them (!!??) but all we managed to do was shut down the PC. Meanwhile I noticed that I could no longer open the Windows "Firewall", as I get a message that says more or less this: "Due to an unknown problem it is impossible to access the Firewall"!!

Well, from here on I started to get really worried. Since I assumed that what was invading my PC would be a trojan, I downloaded an application called "Trojan Remover" and ran it. It detected threats, but also reported that these would be in AVG's files and that AVG would possibly prevent access to them for removal. Since I don't know where to disable AVG, this application did not solve the situation for me either.

Meanwhile, the number of svchost.exe files kept multiplying; there are now 9 installed.

I searched everything there is about "Trojan horse generic15.AZYM". I learned that it is called generic because it is (?) still unknown (or new!!).

Right now I have downloaded (I think that's how you say it around here...) a Microsoft application (Microsoft OneCare) which is checking the whole PC and which at this very moment reports that it has already detected "6 items, 4 problems found".

I have already installed "HijackThis" and I will attach the log obtained, in the hope of a reply from you that will cheer me up (I hope!!!)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:54:19, on 30-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\AVG\AVG9\avgchsvx.exe

C:\Programas\AVG\AVG9\avgrsx.exe

C:\Programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programas\AVG\AVG9\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\AVG\AVG9\avgnsx.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\CyberLink\Shared files\RichVideo.exe

C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe

C:\Programas\uTorrent\uTorrent.exe

C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programas\iPod\bin\iPodService.exe

C:\Programas\Mozilla Firefox 3.5 Beta 4\firefox.exe

C:\ARQUIVO DE PROGRAMAS\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programas\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [drivevideo] "C:\DOCUME~1\WINDOW~1\APPLIC~1\spoolsv.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [system Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TrojanScanner] C:\Programas\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\RunOnce: [AVG Security Toolbar_updateprocess] "C:\Programas\AVG\AVG9\Toolbar\Update\igt86.tmp.dir\ToolbarBroker.exe" /PROCESSBOOTUPDATE "C:\Programas\AVG\AVG9\Toolbar\"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Programas\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar Usando &BitSpirit - C:\Programas\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8942.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documentos\Settings\cbss.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: Serviço Google Update (gupdate1ca7799a0f5f73a) (gupdate1ca7799a0f5f73a) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 10672 bytes

 

Here it is.

Once again, thank you for your attention, and a big hug.

 

Frederico

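As an added example (not part of the original thread, and not code from AVG, HijackThis or any other tool named here), the script below applies the checks an experienced log reader performs by eye on a HijackThis or OTL log like the one above: a system binary name such as svchost.exe or spoolsv.exe that is not loaded from the system32 directory, an O4 autostart pointing into a user-writable directory, an O20 Winlogon Notify DLL outside system32, orphaned entries whose file is gone, and O23 services with no vendor string. The sample lines are constructed from entries in the posted logs; the rules and the verdicts are the script's own assumptions, not a detection from the tools.

```python
"""Heuristic triage of HijackThis/OTL-style autostart lines.

Added example for this thread, not code from the original post or from
any of the tools mentioned in it. The rules encode what a log helper
checks by eye; they are assumptions about what a clean Windows XP
install looks like, not a vendor's detection logic.
"""
import re

# Constructed sample: entries copied from the posted HijackThis/OTL logs.
# The verdicts are produced by this script, not by AVG or HijackThis.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [drivevideo] "C:\DOCUME~1\WINDOW~1\APPLIC~1\spoolsv.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKU\.DEFAULT..\Run: [ZagrebLand] C:\WINDOWS\TEMP\c.exe File not found
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documentos\Settings\cbss.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe
"""

# Binaries a clean XP install only runs from %SystemRoot%\system32
# (explorer.exe is the exception: it lives one level up, in %SystemRoot%).
SYSTEM_BINARIES = {"svchost.exe", "spoolsv.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "winlogon.exe", "smss.exe", "explorer.exe"}

# Directory fragments an unprivileged user (or a dropper running as one)
# can write to; autostarts pointing here deserve a look.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\",
                 "\\application data\\", "\\applic~1\\", "\\local settings\\",
                 "\\users\\")

# First Windows path in a line, up to a binary extension; quotes, a
# RUNDLL32 prefix and trailing arguments such as ",NvStartup" are skipped.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|cpl|scr)\b',
                      re.IGNORECASE)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\")
EXPLORER = re.compile(r"^[a-z]:\\windows\\explorer\.exe$")


def extract_path(line):
    """Return the first file path in a log line, or None if there is none."""
    m = WIN_PATH.search(line)
    return m.group(0) if m else None


def triage_line(line):
    """Return the reasons this entry deserves attention (empty list if none)."""
    findings = []
    kind = line.split(" - ", 1)[0].strip()      # "O4", "O20", "O23", ...
    low = line.lower()

    if "(no file)" in low or "file not found" in low:
        findings.append("orphaned entry: registered component has no file on disk")
    if kind == "O23" and "unknown owner" in low:
        findings.append("service binary carries no vendor string; verify its origin")

    path = extract_path(line)
    if path is None:
        return findings
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    in_system32 = SYSTEM32.match(p) is not None

    if name in SYSTEM_BINARIES and not in_system32 and not EXPLORER.match(p):
        findings.append(f"system binary name {name!r} running from outside system32 (masquerading)")
    if kind == "O4" and any(frag in p for frag in USER_WRITABLE):
        findings.append("autostart from a user-writable directory")
    if kind == "O20" and not in_system32:
        findings.append("Winlogon Notify DLL outside system32; loaded into winlogon.exe at every logon")
    return findings


def triage(log_text):
    """Run triage_line over every non-empty line; keep only lines with findings."""
    hits = []
    for number, raw in enumerate(log_text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        findings = triage_line(entry)
        if findings:
            hits.append({"line": number, "entry": entry, "findings": findings})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['entry']}")
        for reason in hit["findings"]:
            print(f"    -> {reason}")
```

On the constructed sample the script flags five of the ten lines: the nameless BHO with no file, the "drivevideo" spoolsv.exe under Application Data (both masquerading and user-writable), the ZagrebLand entry in TEMP whose file is already gone, the cbssreg Winlogon Notify DLL under Documents and Settings, and the RichVideo service with no owner. The AVG, NVIDIA and Spybot entries pass. A hit is a reason to look at the file, not a verdict; a legitimate third-party service can also lack a vendor string.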

Good evening, frederico ventura!

 

<@> Download: < marcinsig.gif >

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> PS: for certain infections the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<@> Post: mbam-log-2009-xx-xx (00-00-00).txt

°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

 

OTLI-scan.png

 

<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Check the boxes:

 

<!> [] LOP check and [] Purity check

 

<@> Click on: < runscanbutton.png > --> Wait!

<@> Post:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Regards!


Well, my dear DigRam, here is the log obtained after the Malwarebytes scan. I then rebooted the PC, but right afterwards the AVG warning about the same problem appeared!!!

 

 

Malwarebytes' Anti-Malware 1.43

Database version: 3459

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

31-12-2009 1:43:53

mbam-log-2009-12-31 (01-43-53).txt

 

Scan type: Full Scan (C:\|H:\|)

Objects scanned: 271522

Time elapsed: 1 hour(s), 19 minute(s), 57 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 10

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

C:\Documents and Settings\All Users\Documentos\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

 

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Documents and Settings\TÓ\Os meus documentos\Software\SURF-Viajar na NET anónimo\u94.exe (HackTool.Proxy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Windows XP\Os meus documentos\Downloads\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Documentos\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

 

 

 

I will now proceed with the rest of your recommendations...

By the way, I would like to say that the virus that keeps appearing, according to AVG, is at the following path: C:\WINDOWS\system32\svchost.exe, and every 5 minutes I get the message "Threat removed" to quarantine from my AVG resident protection, but in the quarantine window there is nothing there...

 

HERE IT GOES...

 

 

1--->

 

 

OTL logfile created on: 31-12-2009 2:07:48 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\TÓ\Ambiente de trabalho

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas

Drive C: | 182,22 Gb Total Space | 41,52 Gb Free Space | 22,79% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 4,07 Gb Total Space | 0,37 Gb Free Space | 9,14% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

 

Computer Name: 8C055DE73DD440B

Current User Name: TÓ

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\TÓ\Ambiente de trabalho\OTL.exe (OldTimer Tools)

PRC - C:\Programas\Mozilla Firefox 3.5 Beta 4\firefox.exe (Mozilla Corporation)

PRC - C:\Programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programas\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Programas\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programas\CyberLink\Shared files\RichVideo.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\TÓ\Ambiente de trabalho\OTL.exe (OldTimer Tools)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (JavaQuickStarterService) -- C:\Programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (gupdate1ca7799a0f5f73a) Serviço Google Update (gupdate1ca7799a0f5f73a) -- C:\Programas\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (avg9wd) -- C:\Programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (iPod Service) -- C:\Programas\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (ServiceLayer) -- C:\Programas\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (Apple Mobile Device) -- C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SeaPort) -- C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

SRV - (Bonjour Service) -- C:\Programas\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (odserv) -- C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Programas\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (NBService) -- C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

SRV - (NMIndexingService) -- C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (ose) -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Programas\CyberLink\Shared files\RichVideo.exe ()

SRV - (IDriverT) -- C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)

DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (WN5401) -- C:\WINDOWS\system32\drivers\wn5401.sys (Liteon Technology Corp.)

DRV - (Cap7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (ASUSTek)

DRV - (PhTVTune) -- C:\WINDOWS\system32\drivers\PhTVTune.sys (ASUSTek)

DRV - (rtl8139) Controlador NT de placa Fast Ethernet baseada na Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2052111302-484061587-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2052111302-484061587-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt

IE - HKU\S-1-5-21-2052111302-484061587-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 27 73 1B C3 E6 C9 01 [binary data]

IE - HKU\S-1-5-21-2052111302-484061587-682003330-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-2052111302-484061587-682003330-1005\S-1-5-21-2052111302-484061587-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2052111302-484061587-682003330-1005\S-1-5-21-2052111302-484061587-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://www.sapo.pt/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

 

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programas\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-09-22 20:34:52 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programas\AVG\AVG9\Firefox [2009-12-12 11:15:09 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Programas\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009-12-16 14:16:06 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programas\Mozilla Firefox 3.5 Beta 4\components [2009-12-31 00:04:37 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programas\Mozilla Firefox 3.5 Beta 4\plugins [2009-12-31 00:04:41 | 00,000,000 | ---D | M]

 

[2009-06-07 01:34:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\mozilla\Extensions

[2009-12-30 18:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\mozilla\Firefox\Profiles\rtq8eo67.default\extensions

[2009-11-12 00:01:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\mozilla\Firefox\Profiles\rtq8eo67.default\extensions\firefox@tvunetworks.com

 

O1 HOSTS File: (366603 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 12614 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Programa Auxiliar de Início de Sessão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKU\S-1-5-21-2052111302-484061587-682003330-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2052111302-484061587-682003330-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [AVG9_TRAY] C:\Programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrojanScanner] C:\Programas\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKU\.DEFAULT..\Run: [ZagrebLand] C:\WINDOWS\TEMP\c.exe File not found

O4 - HKU\S-1-5-18..\Run: [ZagrebLand] C:\WINDOWS\TEMP\c.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2052111302-484061587-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Baixar Usando &BitSpirit - C:\Programas\BitSpirit\bsurl.htm ()

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-2052111302-484061587-682003330-1005\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (A minha home page actual) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001-07-27 20:07:38 | 00,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004-04-30 12:01:14 | 00,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2004-04-30 16:01:14 | 00,000,053 | -HS- | M] () - H:\AUTORUN.FCB -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2009-12-31 02:03:33 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TÓ\Ambiente de trabalho\OTL.exe

[2009-12-30 23:59:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Application Data\Malwarebytes

[2009-12-30 23:59:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-12-30 23:59:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009-12-30 23:59:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-12-30 23:59:51 | 00,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware

[2009-12-30 23:21:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Ambiente de trabalho\KASPERSKY VIRUS REMOVAL TOOL

[2009-12-30 22:51:01 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\TÓ\Recent

[2009-12-30 21:58:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Ambiente de trabalho\MICROSOFT SECURITY ESSENTIALS

[2009-12-30 21:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Ambiente de trabalho\FERRAMENTA REMOÇÃO SOFTWARE MALICIOSO MICROSOFT

[2009-12-30 21:15:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Definições locais\Application Data\Help

[2009-12-30 21:15:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Application Data\Help

[2009-12-30 19:50:13 | 00,000,000 | ---D | C] -- C:\ARQUIVO DE PROGRAMAS

[2009-12-29 22:50:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2009-12-29 22:49:55 | 00,000,000 | ---D | C] -- C:\Programas\Security Task Manager

[2009-12-29 22:23:59 | 00,000,000 | ---D | C] -- C:\Programas\CCleaner

[2009-12-29 14:34:27 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll

[2009-12-29 14:34:25 | 00,000,000 | ---D | C] -- C:\Programas\Trojan Remover

[2009-12-29 14:34:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Os meus documentos\Simply Super Software

[2009-12-29 14:34:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Application Data\Simply Super Software

[2009-12-29 14:34:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2009-12-23 17:37:26 | 00,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin0416.exe

[2009-12-23 01:12:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Application Data\dvdcss

[2009-12-23 01:09:58 | 00,000,000 | ---D | C] -- C:\Programas\VideoLAN

[2009-12-22 00:04:02 | 00,000,000 | ---D | C] -- C:\Programas\uTorrent

[2009-12-22 00:01:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Application Data\uTorrent

[2009-12-19 12:53:23 | 00,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Nero

[2009-12-17 13:50:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2009-12-17 13:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2009-12-15 13:12:03 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documentos\Settings

[2009-12-12 20:25:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009-12-12 20:09:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\TÓ\Os meus documentos\Os meus ficheiros recebidos

[2009-12-09 23:13:37 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009-12-09 23:13:37 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009-12-09 23:13:37 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009-12-09 23:13:37 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009-12-08 00:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Definições locais\Application Data\Google

[2009-12-08 00:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Definições locais\Application Data\Google

[2009-12-08 00:01:32 | 00,000,000 | ---D | C] -- C:\Programas\Google

[2009-12-06 12:58:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2009-10-05 14:08:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Definições locais\Application Data\Microsoft

[2009-06-09 23:59:13 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\TÓ\Application Data\pcouffin.sys

[2009-06-05 12:04:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Definições locais\Application Data\Apple

[2009-05-31 19:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Definições locais\Application Data\Microsoft

[2009-05-22 14:30:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009-05-22 14:30:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

 

========== Files - Modified Within 30 Days ==========

 

[2009-12-31 02:03:40 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TÓ\Ambiente de trabalho\OTL.exe

[2009-12-31 01:46:49 | 00,210,919 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-12-31 01:46:40 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009-12-31 01:46:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-12-31 01:46:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-12-31 01:45:24 | 09,699,328 | -H-- | M] () -- C:\Documents and Settings\TÓ\NTUSER.DAT

[2009-12-31 01:42:04 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8AFBCEC2-1D39-4C8E-88C5-8B5FA1858177}.job

[2009-12-31 01:22:04 | 00,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009-12-31 00:09:23 | 00,276,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-12-30 23:59:56 | 00,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk

[2009-12-30 22:49:08 | 00,000,164 | ---- | M] () -- C:\Documents and Settings\TÓ\Os meus documentos\cc_20091230_224900.reg

[2009-12-30 22:48:20 | 00,000,994 | ---- | M] () -- C:\Documents and Settings\TÓ\Os meus documentos\cc_20091230_224813.reg

[2009-12-30 22:47:37 | 00,087,654 | ---- | M] () -- C:\Documents and Settings\TÓ\Os meus documentos\cc_20091230_224712.reg

[2009-12-30 22:34:08 | 00,001,512 | ---- | M] () -- C:\Documents and Settings\TÓ\Ambiente de trabalho\CCleaner.lnk

[2009-12-30 15:21:53 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\TÓ\ntuser.ini

[2009-12-30 15:06:09 | 00,000,199 | ---- | M] () -- C:\Documents and Settings\TÓ\default.pls

[2009-12-30 15:06:08 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-12-30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-12-30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-12-30 11:38:44 | 47,219,801 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009-12-29 22:49:17 | 01,709,408 | ---- | M] () -- C:\Documents and Settings\TÓ\Ambiente de trabalho\taskmanager17.exe

[2009-12-29 20:31:01 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-12-29 19:23:50 | 00,128,231 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009-12-29 14:34:35 | 00,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Trojan Remover.lnk

[2009-12-26 21:27:54 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys

[2009-12-26 20:06:22 | 00,000,909 | ---- | M] () -- C:\Documents and Settings\TÓ\Ambiente de trabalho\hjsplit.lnk

[2009-12-23 23:04:05 | 00,000,889 | ---- | M] () -- C:\Documents and Settings\TÓ\Ambiente de trabalho\Revo Uninstaller.lnk

[2009-12-23 16:25:35 | 00,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG

[2009-12-23 00:35:28 | 00,072,192 | ---- | M] () -- C:\Documents and Settings\TÓ\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-12-22 00:04:04 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\µTorrent.lnk

[2009-12-20 22:51:17 | 00,071,240 | ---- | M] () -- C:\Documents and Settings\TÓ\Definições locais\Application Data\GDIPFONTCACHEV1.DAT

[2009-12-19 00:00:44 | 00,366,603 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009-12-18 22:19:25 | 00,000,202 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2009-12-14 22:47:17 | 00,000,572 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-12-13 19:49:30 | 01,084,404 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-12-13 19:49:30 | 00,486,148 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009-12-13 19:49:30 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-12-13 19:49:30 | 00,082,794 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009-12-13 19:49:30 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-12-11 19:05:33 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-12-10 22:18:14 | 00,362,943 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091219-000043.backup

[2009-12-09 23:13:19 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009-12-09 23:13:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009-12-09 23:13:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009-12-09 23:13:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009-12-09 23:13:19 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

 

========== Files Created - No Company Name ==========

 

[2009-12-30 23:59:56 | 00,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk

[2009-12-30 22:49:02 | 00,000,164 | ---- | C] () -- C:\Documents and Settings\TÓ\Os meus documentos\cc_20091230_224900.reg

[2009-12-30 22:48:17 | 00,000,994 | ---- | C] () -- C:\Documents and Settings\TÓ\Os meus documentos\cc_20091230_224813.reg

[2009-12-30 22:47:21 | 00,087,654 | ---- | C] () -- C:\Documents and Settings\TÓ\Os meus documentos\cc_20091230_224712.reg

[2009-12-30 22:34:08 | 00,001,512 | ---- | C] () -- C:\Documents and Settings\TÓ\Ambiente de trabalho\CCleaner.lnk

[2009-12-29 22:48:14 | 01,709,408 | ---- | C] () -- C:\Documents and Settings\TÓ\Ambiente de trabalho\taskmanager17.exe

[2009-12-29 14:34:35 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Trojan Remover.lnk

[2009-12-29 14:34:27 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2009-12-29 14:34:27 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2009-12-29 14:34:27 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2009-12-29 14:34:27 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2009-12-26 20:06:22 | 00,000,909 | ---- | C] () -- C:\Documents and Settings\TÓ\Ambiente de trabalho\hjsplit.lnk

[2009-12-23 23:04:05 | 00,000,889 | ---- | C] () -- C:\Documents and Settings\TÓ\Ambiente de trabalho\Revo Uninstaller.lnk

[2009-12-22 00:04:04 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\µTorrent.lnk

[2009-12-18 22:19:24 | 00,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009-12-08 00:17:26 | 00,001,002 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009-12-08 00:17:26 | 00,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009-08-22 21:30:28 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll

[2009-08-22 21:30:28 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

[2009-07-12 23:13:02 | 00,000,396 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009-06-25 10:55:19 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-06-25 10:55:19 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009-06-25 10:55:18 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-06-25 10:55:18 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-06-25 10:55:17 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009-06-25 10:55:16 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009-06-10 00:23:47 | 00,004,938 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyr

[2009-06-09 23:59:18 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\TÓ\Application Data\pcouffin.log

[2009-06-09 23:59:13 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\TÓ\Application Data\ezpinst.exe

[2009-06-09 23:59:13 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\TÓ\Application Data\pcouffin.inf

[2009-06-09 23:59:13 | 00,001,074 | ---- | C] () -- C:\Documents and Settings\TÓ\Application Data\pcouffin.cat

[2009-06-09 23:49:51 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll

[2009-06-06 14:36:19 | 00,072,192 | ---- | C] () -- C:\Documents and Settings\TÓ\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-05-24 16:59:41 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-05-22 15:47:48 | 00,012,953 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009-05-22 15:47:35 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009-02-09 12:18:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009-02-09 12:18:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009-02-09 12:18:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009-02-09 12:18:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008-09-12 15:21:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

 

========== LOP Check ==========

 

[2009-11-07 19:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009-12-30 12:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009-09-22 20:31:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2009-09-22 20:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2009-09-22 20:50:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009-12-30 23:29:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2009-12-29 14:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2009-12-30 22:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009-09-13 14:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009-05-24 14:53:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009-11-17 20:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Convidado\Application Data\Nokia

[2009-09-26 13:38:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Convidado\Application Data\PC Suite

[2009-11-07 19:43:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marco\Application Data\PC Suite

[2009-12-30 02:41:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marco\Application Data\uTorrent

[2009-12-30 12:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pedro\Application Data\Simply Super Software

[2009-11-27 23:37:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\BitSpirit

[2009-12-05 23:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\LimeWire

[2009-09-22 22:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\Nokia

[2009-09-22 20:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\PC Suite

[2009-12-29 14:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\Simply Super Software

[2009-12-30 20:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\uTorrent

[2009-06-10 00:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\TÓ\Application Data\Vso

[2009-12-31 01:42:04 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8AFBCEC2-1D39-4C8E-88C5-8B5FA1858177}.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

 

 

 

2--->

 

 

OTL Extras logfile created on: 31-12-2009 2:07:49 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\TÓ\Ambiente de trabalho

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas

Drive C: | 182,22 Gb Total Space | 41,52 Gb Free Space | 22,79% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 4,07 Gb Total Space | 0,37 Gb Free Space | 9,14% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

 

Computer Name: 8C055DE73DD440B

Current User Name: TÓ

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2052111302-484061587-682003330-1005\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programas\Mozilla Firefox 3.5 Beta 4\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution

"{1965B596-3CA8-4AED-AF1F-91D48A47F4DE}" = Windows Live Toolbar

"{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{20B05668-C9F0-4469-AEF4-14DF41D6ACB6}" = Windows Live Messenger

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}" = Assistente de Início de Sessão do Windows Live

"{34795BBE-39E4-41B6-997A-B88FD7306562}" = Windows Live Sync

"{350C9816-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite

"{418001D0-F48E-4910-966C-0DCCC996A87A}" = Windows Live Call

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{50CEA963-2745-46A8-BE71-767F2B36FEF2}" = Windows Live Essentials

"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7BA57438-E0E4-46D1-9161-480FFB76FB62}" = Windows Live Writer

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90120000-0010-0816-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Portugal)) 12

"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007

"{90120000-0015-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007

"{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007

"{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007

"{90120000-0019-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007

"{90120000-001A-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007

"{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007

"{90120000-001F-0816-0000-0000000FF1CE}_ENTERPRISE_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007

"{90120000-0044-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007

"{90120000-006E-0816-0000-0000000FF1CE}_ENTERPRISE_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007

"{90120000-00A1-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007

"{90120000-00BA-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91C0B95B-B83A-4828-A775-BBE2DD422070}" = Nero 7 Premium

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B37F12C4-1ED6-4E72-99CD-8D9415FE6A06}" = Galeria de Fotografias do Windows Live

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E5B86403-C054-400B-86F5-7F1D66FBDDC6}" = Windows Live Mail

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de controladores do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AVG9Uninstall" = AVG Free 9.0

"BitSpirit_is1" = BitSpirit v3.6.0.330 Stable

"CCleaner" = CCleaner

"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pacote de controladores do Windows - Nokia Modem (06/01/2009 4.1)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pacote de controladores do Windows - Nokia Modem (06/01/2009 7.01.0.3)

"FlyakiteOSX" = FlyakiteOSX

"HijackThis" = HijackThis 2.0.2

"HP PrecisionScan LTX" = HP PrecisionScan LTX

"ie8" = Windows Internet Explorer 8

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0

"KMPlayer Plus 1.00" = KMPlayer Plus 1.00

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)

"Nokia PC Suite" = Nokia PC Suite

"NVIDIA Drivers" = NVIDIA Drivers

"Revo Uninstaller" = Revo Uninstaller 1.85

"Security Task Manager" = Security Task Manager 1.7h

"Trojan Remover_is1" = Trojan Remover 6.8.1

"uTorrent" = µTorrent

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Win AVI HelixSDK_is1" = Win AVI HelixSDK

"WinAVI Video Converter_is1" = WinAVI Video Converter

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2052111302-484061587-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 20-12-2009 10:22:14 | Computer Name = 8C055DE73DD440B | Source = Google Update | ID = 20

Description =

 

Error - 21-12-2009 4:30:53 | Computer Name = 8C055DE73DD440B | Source = Application Hang | ID = 1002

Description = A desligar a aplicação BitSpirit.exe, versão 3.6.0.330, modulo de

desligar hungapp, versão 0.0.0.0, endereço de desligar 0x00000000.

 

Error - 24-12-2009 21:25:39 | Computer Name = 8C055DE73DD440B | Source = Application Hang | ID = 1002

Description = A desligar a aplicação wmplayer.exe, versão 11.0.5358.4827, modulo

de desligar hungapp, versão 0.0.0.0, endereço de desligar 0x00000000.

 

Error - 25-12-2009 21:01:08 | Computer Name = 8C055DE73DD440B | Source = Application Hang | ID = 1002

Description = A desligar a aplicação iexplore.exe, versão 8.0.6001.18702, modulo

de desligar hungapp, versão 0.0.0.0, endereço de desligar 0x00000000.

 

Error - 25-12-2009 21:01:09 | Computer Name = 8C055DE73DD440B | Source = Application Hang | ID = 1002

Description = A desligar a aplicação iexplore.exe, versão 8.0.6001.18702, modulo

de desligar hungapp, versão 0.0.0.0, endereço de desligar 0x00000000.

 

Error - 26-12-2009 16:05:32 | Computer Name = 8C055DE73DD440B | Source = Application Hang | ID = 1002

Description = A desligar a aplicação hjsplit.exe, versão 2.3.0.0, modulo de desligar

hungapp, versão 0.0.0.0, endereço de desligar 0x00000000.

 

Error - 30-12-2009 9:52:06 | Computer Name = 8C055DE73DD440B | Source = Application Hang | ID = 1002

Description = A desligar a aplicação ShowTime.exe, versão 3.10.1.0, modulo de desligar

hungapp, versão 0.0.0.0, endereço de desligar 0x00000000.

 

Error - 30-12-2009 9:54:15 | Computer Name = 8C055DE73DD440B | Source = EventSystem | ID = 4609

Description = O sistema de registo de eventos do COM+ detectou um código devolvido

inválido durante o respectivo processamento interno. O HRESULT é 800706BF na linha

44 de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contacte o suporte

técnico da Microsoft para comunicar este err

 

Error - 30-12-2009 16:37:23 | Computer Name = 8C055DE73DD440B | Source = Application Error | ID = 1000

Description = Aplicação em falha explorer.exe, versão 6.0.2900.5512, módulo em falha

unknown, versão 0.0.0.0, endereço em falha 0x029429c0.

 

Error - 30-12-2009 22:06:40 | Computer Name = 8C055DE73DD440B | Source = Application Hang | ID = 1002

Description = A desligar a aplicação OTL.exe, versão 3.1.20.1, modulo de desligar

hungapp, versão 0.0.0.0, endereço de desligar 0x00000000.

 

[ OSession Events ]

Error - 10-10-2009 10:00:48 | Computer Name = 8C055DE73DD440B | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 44

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 12-11-2009 17:27:38 | Computer Name = 8C055DE73DD440B | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 30-12-2009 13:34:43 | Computer Name = 8C055DE73DD440B | Source = Service Control Manager | ID = 7023

Description = O serviço SSHNAS terminou com o seguinte erro: %%2

 

Error - 30-12-2009 13:34:43 | Computer Name = 8C055DE73DD440B | Source = Service Control Manager | ID = 7023

Description = O serviço Browser de computador terminou com o seguinte erro: %%1060

 

Error - 30-12-2009 20:09:51 | Computer Name = 8C055DE73DD440B | Source = Ftdisk | ID = 262189

Description = O sistema não conseguiu carregar com êxito o controlador de informação

de falha de sistema.

 

Error - 30-12-2009 20:09:51 | Computer Name = 8C055DE73DD440B | Source = Ftdisk | ID = 262193

Description = A configurar o ficheiro de página porque a informação de falha de

sistema falhou. Certifique-se de que existe um ficheiro de página na partição de

arranque e de que esta é suficientemente grande para conter toda a memória física.

 

Error - 30-12-2009 20:10:58 | Computer Name = 8C055DE73DD440B | Source = Service Control Manager | ID = 7023

Description = O serviço SSHNAS terminou com o seguinte erro: %%2

 

Error - 30-12-2009 20:10:58 | Computer Name = 8C055DE73DD440B | Source = Service Control Manager | ID = 7023

Description = O serviço Browser de computador terminou com o seguinte erro: %%1060

 

Error - 30-12-2009 21:46:40 | Computer Name = 8C055DE73DD440B | Source = Ftdisk | ID = 262189

Description = O sistema não conseguiu carregar com êxito o controlador de informação

de falha de sistema.

 

Error - 30-12-2009 21:46:40 | Computer Name = 8C055DE73DD440B | Source = Ftdisk | ID = 262193

Description = A configurar o ficheiro de página porque a informação de falha de

sistema falhou. Certifique-se de que existe um ficheiro de página na partição de

arranque e de que esta é suficientemente grande para conter toda a memória física.

 

Error - 30-12-2009 21:47:46 | Computer Name = 8C055DE73DD440B | Source = Service Control Manager | ID = 7023

Description = O serviço Browser de computador terminou com o seguinte erro: %%1060

 

Error - 30-12-2009 21:47:46 | Computer Name = 8C055DE73DD440B | Source = Service Control Manager | ID = 7026

Description = Falhou o carregamento dos seguintes controladores de início de arranque

ou de início do sistema: PCIIde

 

 

< End of report >


Good morning, frederico ventura!

 

<!> Uninstall: Trojan Remover 6.8.1

°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°

<@> Open Spybot Search & Destroy!

<@> In the top menu, go to Mode and select the Advanced option. --> Confirm!

<@> Click the Tools button and then Resident.

<@> Uncheck the option: Enable Resident "TeaTimer". ( General protection of system settings )

°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°

<@> Disable the AVG9 resident shield: open the user interface, double-click the Resident Shield icon and uncheck the option that keeps resident protection active.

°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°

<@> Run OTL.exe.

<@> Copy the information shown in the Quote into the tool's clipboard field. ( Custom Scans/Fixes )

 

:OTL

O4 - HKU\.DEFAULT..\Run: [ZagrebLand] C:\WINDOWS\TEMP\c.exe File not found

O4 - HKU\S-1-5-18..\Run: [ZagrebLand] C:\WINDOWS\TEMP\c.exe File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

 

:files

C:\Documents and Settings\TÓ\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

:Commands

[purity]

[emptytemp]

<@> Click the Run Fix button --> Wait for it to finish!

<@> When it finishes, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!

°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°

<@> Download ComboFix: < image link: desktopicon.png > ( ...by sUBs )

 

<!> Link-2 --> < ForoSpyware >

 

<!> Link-3 --> < GeeksToGo >

 

<!> Link-4 --> < how to use ComboFix >

 

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

 

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

 

[image: combofixejr8.gif]

 

<@> Click OK.

<@> At the prompt "Disclaimer of software warranty" --> Click Yes!

 

[image: RcAuto1.gif]

 

<@> If you do not have the "Recovery Console", accept the offer to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

 

<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after it has been saved!

<!> PS: If an error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, we will see the following notification window:

 

[image: Rookit_found.gif]

 

<!> PS: Note down those detections, and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

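A triage helper for OTL "O4" autorun lines of the kind the fix above targets, added here as an example and not part of this thread or of OTL itself: it parses each line and flags the traits a defender checks (target file already gone, path under a TEMP directory, entry under the default/SYSTEM profile, no publisher). The sample log is constructed: the two ZagrebLand lines are the ones the helper removed, and the AVG line is a benign entry of the same shape whose "(publisher)" suffix is assumed from how OTL annotates signed files.

```python
# Triage of OTL 'O4' autorun lines (added example; sample log constructed).
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: the two ZagrebLand lines are the ones the helper
# removed; the AVG line is a benign entry of the same shape (the
# "(publisher)" suffix is assumed from how OTL annotates signed files).
SAMPLE_LOG = """\
O4 - HKLM..\\Run: [AVG9_TRAY] C:\\PROGRA~1\\AVG\\AVG9\\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\\.DEFAULT..\\Run: [ZagrebLand] C:\\WINDOWS\\TEMP\\c.exe File not found
O4 - HKU\\S-1-5-18..\\Run: [ZagrebLand] C:\\WINDOWS\\TEMP\\c.exe File not found
"""

# "O4 - <hive>..\Run: [<value name>] <path> [File not found | (publisher)]"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
PUBLISHER_RE = re.compile(r"^(?P<path>.*?) \((?P<publisher>[^()]*)\)$")
TEMP_DIR_RE = re.compile(r"\\(temp|temporary internet files)\\", re.IGNORECASE)
# Autoruns under these hives fire for the default profile / LocalSystem,
# before any user logs on; legitimate software almost never lives there.
SYSTEM_HIVES = ("HKU\\.DEFAULT", "HKU\\S-1-5-18")
MISSING = " File not found"

@dataclass
class AutorunEntry:
    hive: str
    name: str
    path: str
    publisher: str | None
    missing: bool
    flags: list[str] = field(default_factory=list)

def parse_o4(line: str) -> AutorunEntry | None:
    """Parse one O4 line; return None for any other OTL line type."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest, publisher, missing = m["rest"], None, False
    if rest.endswith(MISSING):
        rest, missing = rest[: -len(MISSING)], True
    else:
        pm = PUBLISHER_RE.match(rest)
        if pm:
            rest, publisher = pm["path"], pm["publisher"]
    return AutorunEntry(m["hive"], m["name"], rest, publisher, missing)

def triage(entry: AutorunEntry) -> AutorunEntry:
    """Attach the traits a defender checks on an autorun entry."""
    if entry.missing:
        # The AV quarantined c.exe but the Run value stayed behind; that
        # orphaned value is exactly what the :OTL fix deletes.
        entry.flags.append("orphaned: target file already gone")
    if TEMP_DIR_RE.search(entry.path):
        entry.flags.append("runs from a temp directory")
    if entry.hive.startswith(SYSTEM_HIVES):
        entry.flags.append("loads for the default/SYSTEM profile")
    if entry.publisher is None and not entry.missing:
        entry.flags.append("no publisher information")
    return entry

def suspicious_entries(log_text: str) -> list[AutorunEntry]:
    """Return the O4 entries of an OTL log that carry at least one flag."""
    found = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None and triage(entry).flags:
            found.append(entry)
    return found
```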

Ok, friend dig ram,

Today, being New Year's Eve, I will not yet do what you suggested; however, since I am on holiday, I will use tomorrow to carry it out. A big hug and a happy new year to you and yours.

 

Frederico


Good afternoon DigRam,

 

Here is the OTL.exe post, as per your instructions.

I was unsure whether I should run Spybot or not. I will go on with the remaining instructions.

 

Regards,

 

Frederico

 

 

All processes killed

========== OTL ==========

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ZagrebLand deleted successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ZagrebLand not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.

========== FILES ==========

C:\Documents and Settings\TÓ\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Convidado

->Temp folder emptied: 20651296 bytes

->Temporary Internet Files folder emptied: 25078580 bytes

->Java cache emptied: 7226469 bytes

->FireFox cache emptied: 62113693 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Marco

->Temp folder emptied: 1560831 bytes

->Temporary Internet Files folder emptied: 78429 bytes

->Java cache emptied: 13690431 bytes

->FireFox cache emptied: 92316432 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49919917 bytes

 

User: Pedro

->Temp folder emptied: 196066539 bytes

->Temporary Internet Files folder emptied: 4539959 bytes

->Java cache emptied: 26135047 bytes

->FireFox cache emptied: 105573859 bytes

 

User: TÓ

->Temp folder emptied: 65060 bytes

->Temporary Internet Files folder emptied: 5276161 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 78655035 bytes

->Apple Safari cache emptied: 0 bytes

 

User: Windows XP

->Apple Safari cache emptied: 11817883 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 668,00 mb

 

 

OTL by OldTimer - Version 3.1.20.1 log created on 01022010_185839

 

Files\Folders moved on Reboot...

File move failed. C:\Documents and Settings\Windows XP\Definições locais\Application Data\Apple Computer\Safari\FontsList.plist scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...


Topic Archived

 

As the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening it.
