Calquito

[Resolved] Extremely slow PC


Good morning!

For some time now I have noticed that my PC is quite slow.

It takes a long time to open programs, it crashes sometimes, and as for browsing the internet, given that I have a good connection speed, it is also slow.

I'm leaving the HijackThis log here.

Thank you in advance for your attention.

Regards!

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:28:07, on 10-04-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Vongo\VongoService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\saraparreira\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276289115890

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A479333-2E5C-425A-8E7D-4369BB0EF93B}: NameServer = 192.168.1.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\PIF\smss.exe (file missing)

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

 

--

End of file - 11526 bytes


Hello Calquito

*Install MalwareBytes

*Wait for the update; the program will open automatically

*Select [Full scan]

*Click [Scan] and select the partition where Windows is installed (C:\)

*Click [Scan]

*When it finishes, click [OK] > [Show Results] > [Remove Selected]

*Paste the report that is displayed


Hello wings.

As requested, here is the MalwareBytes report.

Thank you.

P.S. I have also been getting the system message saying that my virtual memory is low...

 

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

 

Versão da base de dados: v2012.04.10.05

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

saraparreira :: SARA [limitado]

 

10-04-2012 15:16:31

mbam-log-2012-04-10 (15-16-31).txt

 

Tipo de pesquisa: Completa

Opções de pesquisa activadas: Memoria | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI

Opções de pesquisa desactivadas: P2P

Objectos verificados: 432209

Tempo decorrido: 3 hora(s), 23 minuto(s), 32 segundo(s)

 

Processos de memória Detectados: 0

(Nenhum item malicioso detectado)

 

Módulos de Memória Detectados: 0

(Nenhum item malicioso detectado)

 

Chaves do Registo Detectadas: 0

(Nenhum item malicioso detectado)

 

Valores do Registo Detectados: 0

(Nenhum item malicioso detectado)

 

Itens de dados do Registo Detectados: 0

(Nenhum item malicioso detectado)

 

Pastas Detectadas: 1

C:\WINDOWS\system32\28463 (Keylogger.Ardamax) -> Movido para a quarentena e eliminado com sucesso.

 

Ficheiros Detectados: 6

C:\WINDOWS\PIF\AdmDll.dll (PUP.RemoteAdmin) -> Nenhuma acção tomada.

C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP704\A0053978.exe (Affiliate.Downloader) -> Movido para a quarentena e eliminado com sucesso.

C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP704\A0054031.EXE (Dont.Steal.Our.Software) -> Movido para a quarentena e eliminado com sucesso.

C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP704\A0054032.exe (Malware.Packer) -> Movido para a quarentena e eliminado com sucesso.

C:\WINDOWS\PIF\AdmDll.dll (Trojan.Agent) -> Movido para a quarentena e eliminado com sucesso.

C:\WINDOWS\system32\28463\DVYY.001 (Keylogger.Ardamax) -> Movido para a quarentena e eliminado com sucesso.

 

(fim)


1.

*Temporarily disable your antivirus

Right-click the Avast icon next to the clock > select "Pause resident protection" > OK.

2.

*Download Kaspersky Virus Removal Tool version 11 and save it to the desktop

*Run it, wait for the installation, accept the agreement and click [start]

*Click the button (image: kvrt111.png)

*Add My Computer to the scan

*Click Actions, select the Select action option and keep the Disinfect and Delete options checked.

*Click (image: kvrt112.png)

*Click [start scanning]

*When it finishes, click (image: kvrt113.png)

*Click Detected threats > Save and save it to the desktop as log.txt

*Paste the log.txt report saved on the desktop


Good afternoon wings.

As requested, here is the Kaspersky log.

Thank you.

 

Status: Deleted (events: 24)

11-04-2012 12:22:15 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DCE71DA.exe High

11-04-2012 12:22:15 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DCE71DA.exe//CryptFF High

11-04-2012 12:22:17 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DD545D3.exe High

11-04-2012 12:22:17 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DD545D3.exe//CryptFF High

11-04-2012 12:22:17 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30C72895.exe High

11-04-2012 12:22:17 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30C72895.exe//CryptFF High

11-04-2012 12:22:20 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30EB766D.exe High

11-04-2012 12:22:20 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30EB766D.exe//CryptFF High

11-04-2012 12:22:24 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3108704D.exe High

11-04-2012 12:22:23 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3108704D.exe//CryptFF High

11-04-2012 12:22:25 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\311C6C37.exe High

11-04-2012 12:22:25 Deleted virus Email-Worm.Win32.Brontok.jx C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\311C6C37.exe//CryptFF High

11-04-2012 15:38:31 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056209.exe High

11-04-2012 15:38:33 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056208.exe High

11-04-2012 15:38:33 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056208.exe//CryptFF High

11-04-2012 15:38:31 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056209.exe//CryptFF High

11-04-2012 15:38:41 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056210.exe High

11-04-2012 15:38:41 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056210.exe//CryptFF High

11-04-2012 15:38:42 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056211.exe High

11-04-2012 15:38:42 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056211.exe//CryptFF High

11-04-2012 15:38:51 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056212.exe High

11-04-2012 15:38:51 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056212.exe//CryptFF High

11-04-2012 15:38:54 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056213.exe High

11-04-2012 15:38:54 Deleted virus Email-Worm.Win32.Brontok.jx C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056213.exe//CryptFF High

Status: Disinfected (events: 6)

11-04-2012 12:20:19 Disinfected virus Virus.Win32.Virut.a C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B3A1582.exe High

11-04-2012 12:19:42 Disinfected virus Virus.Win32.Virut.a C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B3A1582.exe//CryptFF High

11-04-2012 13:00:31 Disinfected Trojan program Trojan-Downloader.Java.Small.x C:\Documents and Settings\saraparreira\Local Settings\Temp\jar_cache1220789910448936635.tmp High

11-04-2012 13:00:31 Disinfected Trojan program Trojan-Downloader.Java.Small.x C:\Documents and Settings\saraparreira\Local Settings\Temp\jar_cache1220789910448936635.tmp/photoed.class High

11-04-2012 15:45:07 Disinfected virus Virus.Win32.Virut.a C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056207.exe High

11-04-2012 15:30:31 Disinfected virus Virus.Win32.Virut.a C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP720\A0056207.exe//CryptFF High

 


*Temporarily disable your antivirus

*Download ComboFix (...by sUBs) and save it to the desktop

*Run it and accept the agreement

*If the Microsoft Windows Recovery Console is not installed, accept its installation

*After the Console is installed, click [yes] and wait for the stages to complete

1) Do not use the mouse or the keyboard during the stages!!

2) To interrupt the scan, press N

*Paste the report that is displayed


Hello wings.

Here is the ComboFix report.

Thank you.

 

ComboFix 12-04-11.03 - saraparreira 11-04-2012 18:52:11.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.280 [GMT 1:00]

Running from: c:\documents and settings\saraparreira\Desktop\ComboFix.exe

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\saraparreira\Local Settings\Application Data\23.exe

c:\program files\iexplorer

c:\program files\iexplorer\AxInterop.QTOControlLib.dll

c:\program files\iexplorer\ICSharpCode.SharpZipLib.dll

c:\program files\iexplorer\iExplorer.exe

c:\program files\iexplorer\Interop.QTOControlLib.dll

c:\program files\iexplorer\Interop.QTOLibrary.dll

c:\program files\iexplorer\isxdl.dll

c:\program files\iexplorer\MPCrashReporter.dll

c:\program files\iexplorer\MPUpdater.dll

c:\program files\iexplorer\msvcr71.dll

c:\program files\iexplorer\PodPhone2.dll

c:\program files\iexplorer\unins000.dat

c:\program files\iexplorer\unins000.exe

c:\program files\iexplorer\unins000.msg

c:\windows\PIF\cmd.vbe

c:\windows\PIF\firewall.vbe

c:\windows\PIF\reg.reg

c:\windows\PIF\reg1.reg

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))

.

.

2012-04-10 14:07 . 2012-04-10 14:07 -------- d-----w- c:\documents and settings\saraparreira\Application Data\Malwarebytes

2012-04-10 14:06 . 2012-04-10 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-10 14:06 . 2012-04-10 14:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-10 14:06 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-05 11:58 . 2012-04-05 12:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-02 16:58 . 2012-04-02 16:58 -------- d-----w- c:\documents and settings\saraparreira\Local Settings\Application Data\Macroplant

2012-03-22 22:43 . 2012-03-22 22:43 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-22 22:43 . 2012-03-22 22:43 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-20 07:09 . 2012-03-20 07:09 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 12:55 . 2011-05-15 13:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-07 00:34 . 2012-03-07 00:34 1180099 ----a-w- c:\windows\unins000.exe

2012-03-07 00:15 . 2012-03-05 01:40 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:15 . 2012-03-05 01:40 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-07 00:04 . 2012-03-05 01:43 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-03-07 00:03 . 2012-03-05 01:42 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-07 00:03 . 2012-03-05 01:43 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-07 00:03 . 2012-03-05 01:42 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-03-07 00:02 . 2012-03-05 01:42 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-03-07 00:02 . 2012-03-05 01:42 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-07 00:01 . 2012-03-05 01:42 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-07 00:01 . 2012-03-05 01:42 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-07 00:01 . 2012-03-05 01:42 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-07 00:01 . 2012-03-05 01:43 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 23:58 . 2012-03-05 01:42 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-02-23 15:54 . 2012-03-05 01:40 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2012-02-18 19:53 . 2012-02-18 19:54 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-18 19:53 . 2010-05-08 13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:22 . 2004-08-04 21:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2004-05-06 11:11 . 2010-05-24 22:37 4289024 ----a-w- c:\program files\trial_setup.msi

2004-05-06 11:11 . 2010-05-24 22:37 40448 ----a-w- c:\program files\trial_setup.exe

2012-03-22 22:43 . 2011-05-03 21:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-15 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-06-23 102400]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 135168]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]

.

c:\documents and settings\Administrator.YOUR-0548C161E1.000\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]

.

c:\documents and settings\Guest\Start Menu\Programs\Startup\

Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]

.

c:\documents and settings\saraparreira\Start Menu\Programs\Startup\

_uninst_62786264.lnk - c:\documents and settings\saraparreira\Local Settings\Temp\_uninst_62786264.bat [N/A]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\BTNext Legacy\\BTNext.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13000:TCP"= 13000:TCP:BTNext

"13000:UDP"= 13000:UDP:BTNext

"5445:TCP"= 5445:TCP:@xpsp2res.dll,-22003

.

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [24-05-2010 23:38 160640]

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [24-05-2010 23:38 5248]

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [05-03-2012 2:40 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [05-03-2012 2:42 196440]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [05-03-2012 2:43 112984]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [05-03-2012 2:42 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05-03-2012 2:42 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05-03-2012 2:43 337880]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22-07-2011 17:27 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12-07-2011 22:55 67664]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05-03-2012 2:43 20696]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [20-07-2010 15:48 18432]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - 62786264

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 12:55]

.

2012-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]

.

2012-04-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 20620e1d-b9ef-4e80-81de-fb245cf298ac.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-03-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 26e1d4ec-ee39-4377-926a-e71ffe79cd03.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.hp.com/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: Interfaces\{5A479333-2E5C-425A-8E7D-4369BB0EF93B}: NameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\saraparreira\Application Data\Mozilla\Firefox\Profiles\a3v2ih04.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-NWEReboot - (no file)

SafeBoot-Wdf01000.sys

AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files\iExplorer\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-11 19:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????S??????`?@?????L?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1280)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2012-04-11 19:27:02

ComboFix-quarantined-files.txt 2012-04-11 18:26

.

Pre-Run: 27.134.734.336 bytes free

Post-Run: 28.140.797.952 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 737AB8D71667CF7EB2C91E07FA694A34


Hello wings.

The PC is definitely much better. Browsing speed on the net is much faster, and the time programs take to open is also much better.

The only thing I notice is that, when I turn the PC on, it takes a while before I can open a program or a web page.

But otherwise, it is frankly better.

Here is the HijackThis log.

Thank you.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:30:57, on 11-04-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Vongo\VongoService.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\saraparreira\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O4 - Startup: _uninst_62786264.lnk = C:\Documents and Settings\saraparreira\Local Settings\Temp\_uninst_62786264.bat

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276289115890

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A479333-2E5C-425A-8E7D-4369BB0EF93B}: NameServer = 192.168.1.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\PIF\smss.exe (file missing)

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

 

--

End of file - 11159 bytes


1.

*Download OTL (...by Old_Timer) and save it to the desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

 

*Select:

Scan All Users

Skip Microsoft Files

Use WhiteList for Company Names

Lop Check

Purity Check

*Click [Scan] and paste the OTL.txt and Extras.txt reports created on the desktop

*If the reports are large, go to this link

*Click [select file...]

*Locate the OTL.txt report on the desktop and click [Open]

*Click [upload!]

*Paste the link generated below Your download link is:

*Repeat the procedure for the Extras.txt report

2.

*Download aswMBR (...by Przemyslaw Gmerek) and save it to the desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*Click [No]

*Click [scan]

 

*When it finishes, click [save log] and save it to the desktop

*Paste the report (aswmbr.txt)


Good afternoon wings.

As requested, here are the reports.

Thank you.

OTL.txt report

 

OTL logfile created on: 12-04-2012 15:43:35 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\saraparreira\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

 

502,05 Mb Total Physical Memory | 211,18 Mb Available Physical Memory | 42,06% Memory free

1,26 Gb Paging File | 0,57 Gb Available in Paging File | 45,03% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 66,37 Gb Total Space | 26,60 Gb Free Space | 40,08% Space Free | Partition Type: NTFS

Drive D: | 8,13 Gb Total Space | 1,21 Gb Free Space | 14,92% Space Free | Partition Type: FAT32

 

Computer Name: SARA | User Name: saraparreira | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012-04-12 15:28:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\saraparreira\Desktop\OTL.exe

PRC - [2012-03-22 23:43:48 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012-03-15 21:03:57 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2012-03-07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012-03-07 01:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2011-08-12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2010-04-05 20:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2010-04-02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

PRC - [2009-09-23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2009-07-01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2008-04-14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-06-27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007-06-27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2006-05-09 23:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe

PRC - [2005-12-24 05:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012-04-12 12:58:22 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012-04-12 12:58:21 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012-04-12 09:26:32 | 001,755,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12041200\algo.dll

MOD - [2012-04-05 12:58:15 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll

MOD - [2012-03-22 23:43:44 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012-02-22 01:15:04 | 000,256,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\USERENV.dll

MOD - [2012-02-06 14:40:59 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012-02-06 14:40:59 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2011-06-24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011-06-24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010-04-05 20:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

MOD - [2010-03-15 11:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2009-07-01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

MOD - [2006-06-23 22:42:46 | 000,172,032 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll

MOD - [2006-05-09 23:09:14 | 000,159,744 | ---- | M] () -- C:\Program Files\Vongo\CaPolMgr.dll

MOD - [2006-03-12 17:07:44 | 000,184,320 | ---- | M] () -- C:\Program Files\Vongo\sqldrivers\qsqlite.dll

MOD - [2006-03-12 17:07:42 | 003,940,352 | ---- | M] () -- C:\Program Files\Vongo\qt-mt335.dll

MOD - [2005-12-24 05:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\PIF\smss.exe /service -- (r_server)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2012-04-05 13:55:22 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012-03-07 01:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV - [2011-08-12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2010-04-05 20:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2009-09-23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2006-05-09 23:11:10 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)

SRV - [2006-05-08 18:49:02 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)

SRV - [2004-08-04 22:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SARAPA~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012-03-07 01:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)

DRV - [2012-03-07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012-03-07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012-03-07 01:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)

DRV - [2012-03-07 01:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)

DRV - [2012-03-07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012-03-07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012-03-07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012-03-07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012-03-07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012-02-23 16:54:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)

DRV - [2011-07-22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011-07-12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010-04-19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)

DRV - [2008-04-13 19:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)

DRV - [2006-06-02 16:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)

DRV - [2006-02-27 06:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006-01-19 10:18:52 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005-09-19 22:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)

DRV - [2005-09-19 22:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2005-09-19 22:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2005-08-22 01:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2005-08-22 01:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2005-08-22 01:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2004-08-04 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004-04-30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)

DRV - [2004-04-30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/

IE - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.12

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-07 18:59:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-22 23:43:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-08 13:59:11 | 000,000,000 | ---D | M]

 

[2010-04-08 19:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\saraparreira\Application Data\Mozilla\Extensions

[2012-03-07 23:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\saraparreira\Application Data\Mozilla\Firefox\Profiles\a3v2ih04.default\extensions

[2010-10-24 01:58:05 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\saraparreira\Application Data\Mozilla\Firefox\Profiles\a3v2ih04.default\extensions\vshare@toolbar

[2012-02-18 20:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\SARAPARREIRA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A3V2IH04.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI

[2012-02-18 20:53:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2012-03-22 23:43:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012-02-18 20:53:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012-01-04 23:42:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012-01-04 23:42:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

 

O1 HOSTS File: ([2012-04-11 19:20:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\Administrator.YOUR-0548C161E1.000\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)

O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)

O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)

O4 - Startup: C:\Documents and Settings\saraparreira\Start Menu\Programs\Startup\_uninst_62786264.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\__avast! sandbox\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2229384179-3844802628-2754680465-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276289115890 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A479333-2E5C-425A-8E7D-4369BB0EF93B}: NameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\WINDOWS\Digicode.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Digicode.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001-07-27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-04-12 15:36:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\saraparreira\Desktop\aswMBR.exe

[2012-04-12 15:28:35 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\saraparreira\Desktop\OTL.exe

[2012-04-12 15:28:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012-04-11 18:13:28 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012-04-11 18:10:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012-04-11 18:10:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012-04-11 18:10:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012-04-11 18:10:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012-04-11 18:10:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012-04-11 18:06:52 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-04-11 18:04:33 | 004,458,963 | R--- | C] (Swearware) -- C:\Documents and Settings\saraparreira\Desktop\ComboFix.exe

[2012-04-10 15:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\saraparreira\Application Data\Malwarebytes

[2012-04-10 15:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012-04-10 15:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012-04-10 15:06:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012-04-10 15:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012-04-10 14:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\saraparreira\Desktop\iMasters

[2012-04-10 11:20:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\saraparreira\Desktop\HijackThis.exe

[2012-04-08 21:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\saraparreira\Desktop\New Folder

[2012-04-08 00:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\saraparreira\Desktop\videos

[2012-04-02 17:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\saraparreira\Local Settings\Application Data\Macroplant

[2012-04-02 17:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iExplorer

[2012-03-15 07:28:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\saraparreira\Start Menu\Programs\Administrative Tools

 

========== Files - Modified Within 30 Days ==========

 

[2012-04-12 15:53:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012-04-12 15:36:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\saraparreira\Desktop\aswMBR.exe

[2012-04-12 15:28:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\saraparreira\Desktop\OTL.exe

[2012-04-12 13:40:04 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 20620e1d-b9ef-4e80-81de-fb245cf298ac.job

[2012-04-12 12:50:45 | 000,000,313 | ---- | M] () -- C:\hpqp.ini

[2012-04-12 12:50:40 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini

[2012-04-12 12:49:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2012-04-12 12:49:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-04-12 12:49:05 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys

[2012-04-12 00:30:15 | 012,582,912 | -H-- | M] () -- C:\Documents and Settings\saraparreira\NTUSER.DAT

[2012-04-12 00:29:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\saraparreira\ntuser.ini

[2012-04-11 20:27:55 | 000,533,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2012-04-11 20:27:55 | 000,451,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012-04-11 20:27:55 | 000,073,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012-04-11 20:14:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012-04-11 19:20:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2012-04-11 19:20:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012-04-11 18:13:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012-04-11 18:05:09 | 004,458,963 | R--- | M] (Swearware) -- C:\Documents and Settings\saraparreira\Desktop\ComboFix.exe

[2012-04-11 12:22:23 | 000,001,332 | -HS- | M] () -- C:\WINDOWS\1057195drv.spi

[2012-04-11 11:52:54 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\saraparreira\Start Menu\Programs\Startup\_uninst_62786264.lnk

[2012-04-11 11:46:47 | 129,918,552 | ---- | M] () -- C:\Documents and Settings\saraparreira\Desktop\setup_11.0.0.1245.x01_2012_04_11_13_28.exe

[2012-04-10 15:06:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012-04-10 11:20:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\saraparreira\Desktop\HijackThis.exe

[2012-04-09 19:00:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012-04-06 22:56:33 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012-04-06 16:25:57 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012-04-05 18:50:43 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\saraparreira\Desktop\iva 2012 1

[2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012-04-03 15:17:37 | 000,094,144 | ---- | M] () -- C:\Documents and Settings\saraparreira\Desktop\Recibo Electronico 4-2012.pdf

[2012-04-02 18:26:41 | 192,843,890 | ---- | M] () -- C:\Documents and Settings\saraparreira\Desktop\Picture.MOV

[2012-04-02 17:57:01 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iExplorer.lnk

[2012-04-02 17:02:59 | 000,065,189 | ---- | M] () -- C:\Documents and Settings\saraparreira\Desktop\TratamentosReembolso.pdf

[2012-03-31 16:24:19 | 001,857,488 | ---- | M] () -- C:\Documents and Settings\saraparreira\Desktop\install_easyshare.exe

[2012-03-28 19:32:49 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\saraparreira\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-03-26 02:00:03 | 000,000,524 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 26e1d4ec-ee39-4377-926a-e71ffe79cd03.job

[2012-03-20 08:09:15 | 000,000,728 | ---- | M] () -- C:\WINDOWS\win.ini

[2012-03-14 21:54:58 | 000,352,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2012-04-11 18:13:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012-04-11 18:13:32 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012-04-11 18:10:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012-04-11 18:10:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012-04-11 18:10:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012-04-11 18:10:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012-04-11 18:10:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012-04-11 12:22:13 | 000,001,332 | -HS- | C] () -- C:\WINDOWS\1057195drv.spi

[2012-04-11 11:52:54 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\saraparreira\Start Menu\Programs\Startup\_uninst_62786264.lnk

[2012-04-11 11:39:18 | 129,918,552 | ---- | C] () -- C:\Documents and Settings\saraparreira\Desktop\setup_11.0.0.1245.x01_2012_04_11_13_28.exe

[2012-04-10 15:06:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012-04-05 18:33:16 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\saraparreira\Desktop\iva 2012 1

[2012-04-05 12:58:18 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012-04-03 15:17:37 | 000,094,144 | ---- | C] () -- C:\Documents and Settings\saraparreira\Desktop\Recibo Electronico 4-2012.pdf

[2012-04-02 17:57:01 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iExplorer.lnk

[2012-04-02 17:02:47 | 000,065,189 | ---- | C] () -- C:\Documents and Settings\saraparreira\Desktop\TratamentosReembolso.pdf

[2012-04-02 16:38:44 | 192,843,890 | ---- | C] () -- C:\Documents and Settings\saraparreira\Desktop\Picture.MOV

[2012-03-31 16:24:19 | 001,857,488 | ---- | C] () -- C:\Documents and Settings\saraparreira\Desktop\install_easyshare.exe

[2012-03-07 01:34:54 | 001,180,099 | ---- | C] () -- C:\WINDOWS\unins000.exe

[2012-03-05 02:14:26 | 000,004,115 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2012-02-15 14:36:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011-05-23 12:18:32 | 000,002,368 | ---- | C] () -- C:\Documents and Settings\saraparreira\Local Settings\Application Data\c2.exe

[2011-04-15 20:01:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010-10-11 16:00:16 | 000,020,992 | ---- | C] () -- C:\WINDOWS\bw-uninstall.exe

[2010-05-24 23:38:26 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys

[2010-05-24 23:38:26 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

[2010-05-24 23:37:33 | 004,289,024 | ---- | C] () -- C:\Program Files\trial_setup.msi

[2010-05-24 23:37:33 | 000,040,448 | ---- | C] () -- C:\Program Files\trial_setup.exe

[2010-05-24 23:37:33 | 000,000,777 | ---- | C] () -- C:\Program Files\trial_setup.ini

[2010-05-11 12:20:25 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\saraparreira\Application Data\wklnhst.dat

[2010-05-02 23:03:50 | 000,076,020 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

 

========== LOP Check ==========

 

[2012-03-05 02:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011-08-31 19:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool

[2011-08-31 18:51:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011-08-31 19:15:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP

[2011-08-31 19:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ

[2011-08-31 19:21:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2011-08-31 19:16:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX

[2011-08-31 19:15:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2

[2011-08-31 19:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup

[2011-08-31 19:15:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2012-04-07 19:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM

[2011-08-31 19:35:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2011-08-31 19:15:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX

[2011-08-31 18:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt

[2010-01-01 21:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2009-05-20 23:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse

[2008-03-30 20:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games

[2007-01-03 05:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies

[2010-03-16 00:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

[2009-11-07 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung

[2009-02-05 14:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2010-03-13 03:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm

[2008-11-14 13:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone

[2010-04-08 20:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2009-05-20 23:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2010-05-02 22:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2008-11-14 13:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone

[2011-12-01 23:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\saraparreira\Application Data\Canon

[2011-08-31 19:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\saraparreira\Application Data\Canon Easy-WebPrint EX

[2011-09-10 14:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\saraparreira\Application Data\ESET

[2010-04-08 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\saraparreira\Application Data\iWin

[2010-05-10 11:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\saraparreira\Application Data\Leadertech

[2010-05-11 12:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\saraparreira\Application Data\Template

[2010-05-24 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\saraparreira\Application Data\URSoft

[2012-04-10 11:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\saraparreira\Application Data\uTorrent

[2012-04-12 13:40:04 | 000,000,524 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 20620e1d-b9ef-4e80-81de-fb245cf298ac.job

[2012-03-26 02:00:03 | 000,000,524 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 26e1d4ec-ee39-4377-926a-e71ffe79cd03.job

 

========== Purity Check ==========

 

 

 

< End of report >

 

 

Extras.txt report

 

OTL Extras logfile created on: 12-04-2012 15:43:35 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\saraparreira\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

 

502,05 Mb Total Physical Memory | 211,18 Mb Available Physical Memory | 42,06% Memory free

1,26 Gb Paging File | 0,57 Gb Available in Paging File | 45,03% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 66,37 Gb Total Space | 26,60 Gb Free Space | 40,08% Space Free | Partition Type: NTFS

Drive D: | 8,13 Gb Total Space | 1,21 Gb Free Space | 14,92% Space Free | Partition Type: FAT32

 

Computer Name: SARA | User Name: saraparreira | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"" =

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"13000:TCP" = 13000:TCP:*:Enabled:BTNext

"13000:UDP" = 13000:UDP:*:Enabled:BTNext

"5445:TCP" = 5445:TCP:*:Enabled:@xpsp2res.dll,-22003

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"" =

"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\BTNext Legacy\BTNext.exe" = C:\Program Files\BTNext Legacy\BTNext.exe:*:Enabled:BT Next -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

"{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}" = Assistente de Início de Sessão do Windows Live

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A1

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap

"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.3

"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5

"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig

"{552E6DA4-A0F9-41AC-8473-E825D60674EA}" = HP User Guides 0037

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player

"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module

"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5

"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio

"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig

"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery

"{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@

"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo

"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit

"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =

"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0

"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Alice Greenfingers" = Alice Greenfingers

"avast" = avast! Internet Security

"Avast_2050_ZeNiX [Final]_is1" = Avast License by ZeNiX [Final]

"BTNext Legacy" = BTNext Legacy

"Canon MP495 series User Registration" = Canon MP495 series User Registration

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up

"HP Imaging Device Functions" = HP Imaging Device Functions 6.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.0

"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"InstallShield_{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.61.0.1400

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Money2006b" = Microsoft Money 2006

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0

"SopCast" = SopCast 3.2.4

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"uTorrent" = µTorrent

"Veetle TV" = Veetle TV 0.9.18

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WildTangent CDA" = WildTangent Web Driver

"WildTangent hplaptop Master Uninstall" = My HP Games

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = Arquivo do WinRAR

"YU2010_is1" = Your Uninstaller! 2010

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 03-04-2012 17:28:24 | Computer Name = SARA | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 41640

 

Error - 03-04-2012 17:28:24 | Computer Name = SARA | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 41640

 

Error - 03-04-2012 17:28:27 | Computer Name = SARA | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 03-04-2012 17:28:27 | Computer Name = SARA | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 44703

 

Error - 03-04-2012 17:28:27 | Computer Name = SARA | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 44703

 

Error - 03-04-2012 17:28:34 | Computer Name = SARA | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 03-04-2012 17:28:34 | Computer Name = SARA | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 51625

 

Error - 03-04-2012 17:28:34 | Computer Name = SARA | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 51625

 

Error - 05-04-2012 17:22:08 | Computer Name = SARA | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module aswwebrepie.dll, version 7.0.1426.0, fault address 0x000146ac.

 

Error - 09-04-2012 13:31:37 | Computer Name = SARA | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module aswwebrepie.dll, version 7.0.1426.0, fault address 0x000146ac.

 

[ System Events ]

Error - 11-04-2012 11:57:50 | Computer Name = SARA | Source = Service Control Manager | ID = 7000

Description = The Remote Administrator Service service failed to start due to the

following error: %%2

 

Error - 11-04-2012 11:57:57 | Computer Name = SARA | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AliIde PCIIde Pcmcia ViaIde

 

Error - 11-04-2012 11:58:03 | Computer Name = SARA | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

the volume.

 

Error - 11-04-2012 15:05:28 | Computer Name = SARA | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the stisvc service.

 

Error - 11-04-2012 15:58:21 | Computer Name = SARA | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service

to connect.

 

Error - 11-04-2012 15:58:21 | Computer Name = SARA | Source = Service Control Manager | ID = 7000

Description = The Eset Nod32 Boot service failed to start due to the following error:

%%1053

 

Error - 11-04-2012 15:58:21 | Computer Name = SARA | Source = Service Control Manager | ID = 7000

Description = The Remote Administrator Service service failed to start due to the

following error: %%2

 

Error - 12-04-2012 7:49:15 | Computer Name = SARA | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service

to connect.

 

Error - 12-04-2012 7:49:15 | Computer Name = SARA | Source = Service Control Manager | ID = 7000

Description = The Eset Nod32 Boot service failed to start due to the following error:

%%1053

 

Error - 12-04-2012 7:49:15 | Computer Name = SARA | Source = Service Control Manager | ID = 7000

Description = The Remote Administrator Service service failed to start due to the

following error: %%2

 

 

< End of report >

 

 

aswMBR report

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-12 15:57:15

-----------------------------

15:57:15.328 OS Version: Windows 5.1.2600 Service Pack 3

15:57:15.328 Number of processors: 1 586 0xE08

15:57:15.343 ComputerName: SARA UserName:

15:57:26.421 Initialize success

15:57:31.703 AVAST engine defs: 12041200

15:58:33.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

15:58:33.890 Disk 0 Vendor: Size: 0MB BusType: 0

15:58:33.921 Disk 0 MBR read successfully

15:58:33.921 Disk 0 MBR scan

15:58:34.296 Disk 0 unknown MBR code

15:58:34.312 Disk 0 MBR hidden

15:58:34.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 67962 MB offset 63

15:58:34.578 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8346 MB offset 139203225

15:58:35.000 Disk 0 scanning C:\WINDOWS\system32\drivers

15:59:07.453 Service scanning

15:59:11.953 Service atapi C:\WINDOWS\system32\DRIVERS\atapi.sys **LOCKED** 32

15:59:36.281 Modules scanning

16:00:09.375 Disk 0 trace - called modules:

16:00:09.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys

16:00:09.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d58030]

16:00:09.890 3 CLASSPNP.SYS[f85d5fd7] -> nt!IofCallDriver -> \Device\00000088[0x82d94768]

16:00:09.906 5 ACPI.sys[f8424620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x82d3d030]

16:00:10.812 AVAST engine scan C:\WINDOWS

16:00:39.234 AVAST engine scan C:\WINDOWS\system32

16:05:30.078 AVAST engine scan C:\WINDOWS\system32\drivers

16:05:58.968 AVAST engine scan C:\Documents and Settings\saraparreira

16:58:47.171 AVAST engine scan C:\Documents and Settings\All Users

17:11:15.015 Scan finished successfully

17:12:02.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\saraparreira\Desktop\MBR.dat"

17:12:02.906 The log file has been saved successfully to "C:\Documents and Settings\saraparreira\Desktop\aswMBR.txt"


1.

*Rename ComboFix to Uninstall

*Run it and wait for the message "ComboFix está desinstalado"

 

 

2.

*Delete the Kaspersky Virus Removal Tool and its report

 

 

3.

*Delete aswMBR, MBR.dat and aswMBR.txt, located on the desktop

 

 

4.

*Download createsrp (...by Ramesh Srinivasan) and save it to the desktop

*Run it and click [OK]

 

 

5.

*Run OTL

*Paste the lines shown in brown into the box under Exames Personalizados/Correções (Custom Scans/Fixes):

:OTL

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\PIF\smss.exe /service -- (r_server)

[2012-04-11 11:52:54 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\saraparreira\Start Menu\Programs\Startup\_uninst_62786264.lnk

 

:Commands

[PURITY]

[EMPTYTEMP]

*Click [Consertar] (Fix) and the PC will restart

*Paste the report that is displayed

Let me know how the PC is doing


Hello wings.

I did everything as you said. Just one thing:

When I ran createsrp, I got a message titled "Windows script host" that said " - Error 1058: unable to create restore point".

Then I ran OTL and everything went normally.

The report follows.

Thank you.

 

All processes killed

========== OTL ==========

Service r_server stopped successfully!

Service r_server deleted successfully!

File C:\WINDOWS\PIF\smss.exe /service not found.

C:\Documents and Settings\saraparreira\Start Menu\Programs\Startup\_uninst_62786264.lnk moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temporary Internet Files folder emptied: 0 bytes

 

User: Administrator.YOUR-0548C161E1

->Temporary Internet Files folder emptied: 0 bytes

 

User: Administrator.YOUR-0548C161E1.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Guest

->Temp folder emptied: 357934 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Owner

 

User: saraparreira

->Temp folder emptied: 2912 bytes

->Temporary Internet Files folder emptied: 11052781 bytes

->Java cache emptied: 40371801 bytes

->FireFox cache emptied: 53112096 bytes

->Apple Safari cache emptied: 2391040 bytes

->Flash cache emptied: 2008933 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2285422 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 7497622 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 114,00 mb

 

 

OTL by OldTimer - Version 3.2.39.2 log created on 04122012_201358

 

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...


wings, I honestly think the PC is much better.

Its overall performance is faster. Every now and then the low virtual memory message still shows up, but much less often. Apart from that, everything is a lot better.

Thank you very much for the attention you have given me.

Do you think I should do anything else?

Best regards,

Calquito


Nothing more to do... :)

Everything suspicious has been removed.

Let's remove OTL.

*Run OTL and click [Limpeza] (Cleanup) > [OK]

*The PC will restart

Best regards.


Good morning wings.

I want to thank you for all the attention you have given me.

Thank you very much for your help in solving my problem.

Keep up the good work, you and the rest of the iMasters team.

Best regards,

Calquito


PROBLEM SOLVED

If the author needs the topic reopened, simply send a Private Message to a Moderator with a link to the topic.
