Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

is there any evidence?

Post by lica » November 21st, 2008, 9:46 am

hi


My computer is now running too slow.
Is there any evidence of malware or virus?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:54, on 21-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\DynDNS Updater\DynUpSvc.exe
C:\Programas\Microsoft SQL Server\MSSQL$PRIEXPRESS\Binn\sqlservr.exe
C:\Programas\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\TeamViewer3\TeamViewer_Host.exe
C:\Programas\TeamViewer3\TeamViewer.exe
C:\Programas\Companion Suite Pro LL\MFPrintServer.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\Programas\Analog Devices\Core\smax4pnp.exe
C:\Programas\Analog Devices\SoundMAX\Smax4.exe
C:\Programas\DVBViewerTE\SkystarIR.exe
C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
C:\Programas\Companion Suite Pro LL\MFServices.exe
C:\Programas\ASUS\AASP\1.00.01\aaCenter.exe
C:\Programas\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\Unlocker\UnlockerAssistant.exe
C:\Programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Programas\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programas\ASUS WiFi-AP Solo\RtWLan.exe
C:\Programas\DynDNS Updater\DynTray.exe
C:\Programas\TechniSat DVB\bin\Server4PC.exe
C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programas\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pt.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MFPrintServer_Pro_LL] "C:\Programas\Companion Suite Pro LL\MFPrintServer.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IndexSearch] C:\Programas\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SkystarIR] C:\Programas\DVBViewerTE\SkystarIR.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MFServices_Pro_LL] "C:\Programas\Companion Suite Pro LL\MFServices.exe" -n
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Programas\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Programas\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Programas\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [VoipStunt] "C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Programas\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Programas\DynDNS Updater\DynTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Server4PC.lnk = C:\Programas\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: Service Manager.lnk = C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/active ... ontrol.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.codificado.tv/onc/nsvplayx_vp3_mp3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Programas\DynDNS Updater\DynUpSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Programas\TeamViewer3\TeamViewer_Host.exe

--
End of file - 10903 bytes
lica
Active Member
 
Posts: 4
Joined: November 21st, 2008, 8:35 am

Re: is there any evidence?

Post by Shaba » November 23rd, 2008, 6:03 am

Hi lica

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: is there any evidence?

Post by lica » November 23rd, 2008, 8:20 am

hi


Thanks for your reply

here they are

LOG
Logfile of random's system information tool 1.04 (written by random/random)
Run by admin at 2008-11-23 12:15:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 217 GB (91%) free of 238 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:50, on 23-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\DynDNS Updater\DynUpSvc.exe
C:\Programas\Microsoft SQL Server\MSSQL$PRIEXPRESS\Binn\sqlservr.exe
C:\Programas\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\TeamViewer3\TeamViewer_Host.exe
C:\Programas\TeamViewer3\TeamViewer.exe
C:\Programas\Companion Suite Pro LL\MFPrintServer.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\Programas\Analog Devices\Core\smax4pnp.exe
C:\Programas\Analog Devices\SoundMAX\Smax4.exe
C:\Programas\DVBViewerTE\SkystarIR.exe
C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
C:\Programas\Companion Suite Pro LL\MFServices.exe
C:\Programas\ASUS\AASP\1.00.01\aaCenter.exe
C:\Programas\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Programas\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\ASUS WiFi-AP Solo\RtWLan.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programas\DynDNS Updater\DynTray.exe
C:\Programas\TechniSat DVB\bin\Server4PC.exe
C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\Outlook Express\msimn.exe
C:\Programas\Messenger\msmsgs.exe
C:\Documents and Settings\admin\Ambiente de trabalho\RSIT.exe
C:\Programas\Trend Micro\HijackThis\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pt.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MFPrintServer_Pro_LL] "C:\Programas\Companion Suite Pro LL\MFPrintServer.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IndexSearch] C:\Programas\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SkystarIR] C:\Programas\DVBViewerTE\SkystarIR.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MFServices_Pro_LL] "C:\Programas\Companion Suite Pro LL\MFServices.exe" -n
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Programas\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Programas\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Programas\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [VoipStunt] "C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Programas\DynDNS Updater\DynTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Server4PC.lnk = C:\Programas\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: Service Manager.lnk = C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/active ... ontrol.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.codificado.tv/onc/nsvplayx_vp3_mp3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Programas\DynDNS Updater\DynUpSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Programas\TeamViewer3\TeamViewer_Host.exe

--
End of file - 10815 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\notepad.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aplicación auxiliar de vínculos de Adobe PDF Reader - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-09 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MFPrintServer_Pro_LL"=C:\Programas\Companion Suite Pro LL\MFPrintServer.exe [2006-05-04 65536]
"Windows Defender"=C:\Programas\Windows Defender\MSASCui.exe [2006-11-03 866584]
"IndexSearch"=C:\Programas\ScanSoft\PaperPort\IndexSearch.exe [2005-02-07 40960]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-13 7557120]
"SSBkgdUpdate"=C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"SoundMAXPnP"=C:\Programas\Analog Devices\Core\smax4pnp.exe [2006-05-18 843776]
"SoundMAX"=C:\Programas\Analog Devices\SoundMAX\Smax4.exe [2006-05-18 729088]
"SkystarIR"=C:\Programas\DVBViewerTE\SkystarIR.exe [2007-08-23 187392]
"PaperPort PTD"=C:\Programas\ScanSoft\PaperPort\pptd40nt.exe [2005-02-07 57393]
"MFServices_Pro_LL"=C:\Programas\Companion Suite Pro LL\MFServices.exe [2006-05-04 335872]
"AsusServiceProvider"=C:\Programas\ASUS\AASP\1.00.01\aaCenter.exe [2006-06-30 582144]
"Ai Nap"=C:\Programas\ASUS\Ai Suite\AiNap\AiNap.exe [2006-07-10 1093632]
"Adobe Reader Speed Launcher"=C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVP"=C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-09-20 222472]
"QuickTime Task"=C:\Programas\QuickTime\qttask.exe [2008-09-06 413696]
"TrojanScanner"=C:\Programas\Trojan Remover\Trjscan.exe [2008-11-19 1234312]
"SunJavaUpdateSched"=C:\Programas\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-02-13 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VoipStunt"=C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe [2007-12-16 8824112]
"H/PC Connection Agent"=C:\Programas\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ccleaner"=C:\Programas\CCleaner\ccleaner.exe [2006-04-28 569344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HUAWEI E620 Data Card]
[]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
ASUS WiFi-AP Solo.lnk - C:\Programas\ASUS WiFi-AP Solo\RtWLan.exe
DynDNS Updater Tray Icon.lnk - C:\Programas\DynDNS Updater\DynTray.exe
Microsoft Office.lnk - C:\Programas\Microsoft Office\Office10\OSA.EXE
Server4PC.lnk - C:\Programas\TechniSat DVB\bin\Server4PC.exe
Service Manager.lnk - C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2007-09-20 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe"="C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\Programas\DVBViewerTE\SkystarIR.exe"="C:\Programas\DVBViewerTE\SkystarIR.exe:*:Enabled:SkystarIR"
"C:\Programas\ProgDVB\ProgDvbNet.exe"="C:\Programas\ProgDVB\ProgDvbNet.exe:*:Enabled:ProgDvbNet"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\DEKOS\dream\programas\DCC\dcc282\DCC.exe"="D:\DEKOS\dream\programas\DCC\dcc282\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\Programas\AdventNet\ME\OpManager\apache\bin\Apache.exe"="C:\Programas\AdventNet\ME\OpManager\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Programas\AdventNet\ME\OpManager\jre\bin\java.exe"="C:\Programas\AdventNet\ME\OpManager\jre\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Programas\AdventNet\ME\OpManager\jre\bin\javaw.exe"="C:\Programas\AdventNet\ME\OpManager\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Programas\Messenger\msmsgs.exe"="C:\Programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programas\Skype\Phone\Skype.exe"="C:\Programas\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Documents and Settings\admin\Ambiente de trabalho\incredimail_install.exe"="C:\Documents and Settings\admin\Ambiente de trabalho\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Programas\IncrediMail\bin\ImApp.exe"="C:\Programas\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Programas\IncrediMail\bin\IncMail.exe"="C:\Programas\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programas\IncrediMail\bin\ImpCnt.exe"="C:\Programas\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Programas\NetMeeting\conf.exe"="C:\Programas\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"E:\STHIW\stInstall.exe"="E:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"D:\DEKOS\dream\DREMSET\dreamset.exe"="D:\DEKOS\dream\DREMSET\dreamset.exe:*:Enabled:Settings Editor (Enigma 1&2, Neutrino, Triple Dragon)"
"C:\Documents and Settings\admin\Ambiente de trabalho\Nova pasta\dreamset.exe"="C:\Documents and Settings\admin\Ambiente de trabalho\Nova pasta\dreamset.exe:*:Enabled:Settings Editor (Enigma 1&2, Neutrino, Triple Dragon)"
"D:\DEKOS\dream\DREAMSET\dreamset.exe"="D:\DEKOS\dream\DREAMSET\dreamset.exe:*:Enabled:Settings Editor (Enigma 1&2, Neutrino, Triple Dragon)"
"D:\DEKOS\dream\programas\DREAMSET\dreamset.exe"="D:\DEKOS\dream\programas\DREAMSET\dreamset.exe:*:Enabled:Settings Editor (Enigma 1&2, Neutrino, Triple Dragon)"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Executar uma DLL como uma aplicação"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partilha de aplicações RTC"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz"
"C:\Programas\FlightGear\bin\win32\fgfs.exe"="C:\Programas\FlightGear\bin\win32\fgfs.exe:*:Enabled:fgfs"
"C:\Documents and Settings\admin\Ambiente de trabalho\cccamtool\cccamtool.exe"="C:\Documents and Settings\admin\Ambiente de trabalho\cccamtool\cccamtool.exe:*:Enabled:cccamtool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\DEKOS\dream\programas\DreamUP.exe"="D:\DEKOS\dream\programas\DreamUP.exe:*:Enabled:DreamUP"
"D:\DEKOS\dream\programas\neveto\neveto.exe"="D:\DEKOS\dream\programas\neveto\neveto.exe:*:Enabled:neveto"
"C:\Documents and Settings\admin\Definições locais\Temp\ir_ext_temp_0\AutoPlay\Docs\dm500_clone_bomb_checker\dm500_clone_bomb_checker.exe"="C:\Documents and Settings\admin\Definições locais\Temp\ir_ext_temp_0\AutoPlay\Docs\dm500_clone_bomb_checker\dm500_clone_bomb_checker.exe:*:Enabled:dm500_clone_bomb_checker"
"C:\Documents and Settings\admin\Definições locais\Temp\ir_ext_temp_1\AutoPlay\Docs\DCC.exe"="C:\Documents and Settings\admin\Definições locais\Temp\ir_ext_temp_1\AutoPlay\Docs\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Documents and Settings\admin\Ambiente de trabalho\Nova pasta (3)\DCC.exe"="C:\Documents and Settings\admin\Ambiente de trabalho\Nova pasta (3)\DCC.exe:*:Enabled:Dreambox Control Center"
"D:\DEKOS\dream\programas\DCC\DCC 1.93\DCC.exe"="D:\DEKOS\dream\programas\DCC\DCC 1.93\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\Programas\Sapo\SAPO Messenger\sapoim.exe"="C:\Programas\Sapo\SAPO Messenger\sapoim.exe:*:Enabled:Sapo Messenger"
"C:\Programas\NDrive\NDrive Update Agent\NDriveAgent.exe"="C:\Programas\NDrive\NDrive Update Agent\NDriveAgent.exe:*:Enabled:NDrive Update Agent"
"C:\Programas\Microsoft ActiveSync\rapimgr.exe"="C:\Programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programas\Microsoft ActiveSync\wcescomm.exe"="C:\Programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programas\Microsoft ActiveSync\WCESMgr.exe"="C:\Programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programas\Microsoft ActiveSync\rapimgr.exe"="C:\Programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programas\Microsoft ActiveSync\wcescomm.exe"="C:\Programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programas\Microsoft ActiveSync\WCESMgr.exe"="C:\Programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fe40803-cb28-11dc-909d-0018f33f5330}]
shell\Auto\command - F:\RavMon.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2e7560c-8a03-11dc-918d-0018f33f5330}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-11-23 12:12:10 ----D---- C:\rsit
2008-11-23 11:03:36 ----D---- C:\WINDOWS\LastGood
2008-11-21 19:25:06 ----D---- C:\Documents and Settings\All Users\Application Data\MSN6
2008-11-21 19:25:05 ----D---- C:\Documents and Settings\admin\Application Data\MSN6
2008-11-21 19:24:45 ----A---- C:\WINDOWS\msnavpklog.txt
2008-11-21 19:24:37 ----A---- C:\WINDOWS\msnsetuplog.txt
2008-11-21 19:01:16 ----D---- C:\Documents and Settings\admin\Application Data\DivX
2008-11-21 18:59:20 ----D---- C:\Documents and Settings\admin\Application Data\Yahoo!
2008-11-21 18:57:53 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-11-21 18:57:52 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-11-21 18:57:52 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-11-21 18:57:51 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-11-21 18:57:50 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-11-21 18:57:50 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-21 18:57:50 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-11-21 18:57:50 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-11-21 18:57:48 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-11-21 18:57:47 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-11-21 18:57:47 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-11-21 18:57:46 ----N---- C:\WINDOWS\system32\px.dll
2008-11-21 18:55:08 ----D---- C:\Programas\DivX
2008-11-21 13:11:49 ----D---- C:\Documents and Settings\admin\Application Data\Uniblue
2008-11-21 12:13:56 ----D---- C:\Programas\Trend Micro
2008-11-20 16:00:32 ----D---- C:\Programas\CCleaner
2008-11-18 11:47:24 ----D---- C:\MyS2GApp
2008-11-13 12:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 12:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 12:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 12:37:00 ----D---- C:\Programas\MSXML 4.0
2008-10-31 10:29:35 ----D---- C:\Programas\Microsoft ActiveSync
2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 22:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-10-24 12:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-23 12:12:16 ----D---- C:\WINDOWS\Prefetch
2008-11-23 12:11:37 ----D---- C:\WINDOWS\Temp
2008-11-23 11:04:31 ----D---- C:\WINDOWS\system32
2008-11-23 11:04:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-23 11:03:37 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-23 11:03:36 ----D---- C:\WINDOWS
2008-11-23 11:02:15 ----SD---- C:\WINDOWS\Tasks
2008-11-23 10:59:37 ----A---- C:\WINDOWS\RTacDbg.txt
2008-11-23 10:59:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 10:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-11-22 22:30:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-21 19:54:43 ----RD---- C:\Programas
2008-11-21 19:24:46 ----HD---- C:\WINDOWS\inf
2008-11-21 18:57:55 ----D---- C:\WINDOWS\system32\drivers
2008-11-21 16:50:11 ----D---- C:\WINDOWS\system32\config
2008-11-21 16:10:47 ----SHD---- C:\WINDOWS\Installer
2008-11-21 16:10:47 ----D---- C:\Config.Msi
2008-11-21 16:10:33 ----D---- C:\WINDOWS\WinSxS
2008-11-21 12:15:32 ----SH---- C:\boot.ini
2008-11-21 12:15:32 ----A---- C:\WINDOWS\win.ini
2008-11-21 12:15:32 ----A---- C:\WINDOWS\system.ini
2008-11-21 12:03:56 ----D---- C:\Programas\Security Task Manager
2008-11-21 11:24:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-21 10:28:39 ----D---- C:\WINDOWS\Help
2008-11-20 19:35:28 ----D---- C:\Temp
2008-11-20 19:19:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-20 16:08:27 ----D---- C:\WINDOWS\Debug
2008-11-20 16:08:23 ----D---- C:\WINDOWS\Minidump
2008-11-20 12:36:01 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-19 21:15:04 ----D---- C:\Programas\Trojan Remover
2008-11-18 11:33:10 ----D---- C:\Programas\CataLOG_v0.1
2008-11-18 09:49:49 ----D---- C:\Programas\TeamViewer3
2008-11-13 14:40:50 ----SD---- C:\Documents and Settings\admin\Application Data\Microsoft
2008-11-13 12:38:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-10 22:50:09 ----D---- C:\WINDOWS\network diagnostic
2008-11-10 17:51:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 15:42:15 ----D---- C:\WINDOWS\system32\wbem
2008-10-24 15:31:37 ----D---- C:\Programas\Ficheiros comuns\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 lfxnt;lfxnt; \??\C:\WINDOWS\system32\drivers\lfxnt.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-02 21035]
R2 DLPortIO;DriverLINX Port I/O Driver; \??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS []
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-06-15 142464]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
R3 Arp1394;Protocolo de cliente ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Controlador de Barramento UAA da Microsoft para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 INFUSB;INFUSB; C:\WINDOWS\system32\drivers\infusb.sys [2003-07-07 11520]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 LFXACT;Companion Suite Pro LL F@X activities; C:\WINDOWS\System32\Drivers\LFXACT.sys [2006-05-04 20488]
R3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-13 3642784]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-09-21 5888]
R3 Ser2pl;ATEN USB to Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe de impressoras USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 XMLDIUSB;XML USB Device Interface; C:\WINDOWS\System32\Drivers\XMLDIUSB.sys [2006-05-04 31879]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BthEnum;Serviço enumerador Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-04-20 100992]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 42512]
S3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 176128]
S3 SKYNET;TechniSat DVB-PC TV Star PCI; C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2007-10-01 419344]
S3 usbscan;Controlador de scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 AVP;Kaspersky Internet Security 7.0; C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-09-20 222472]
R2 DynDNS Updater;DynDNS Updater; C:\Programas\DynDNS Updater\DynUpSvc.exe [2008-06-23 65536]
R2 MSSQL$PRIEXPRESS;MSSQL$PRIEXPRESS; C:\Programas\Microsoft SQL Server\MSSQL$PRIEXPRESS\Binn\sqlservr.exe [2008-05-25 9154560]
R2 MSSQL$PRIMAVERA;MSSQL$PRIMAVERA; C:\Programas\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-13 143426]
R2 TeamViewer;TeamViewer 3; C:\Programas\TeamViewer3\TeamViewer_Host.exe [2008-05-15 181544]
R2 WinDefend;Windows Defender; C:\Programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$PRIEXPRESS;SQLAgent$PRIEXPRESS; C:\Programas\Microsoft SQL Server\MSSQL$PRIEXPRESS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 SQLAgent$PRIMAVERA;SQLAgent$PRIMAVERA; C:\Programas\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Pastas Partilhadas do Messenger - USN Journal Reader Service; C:\Programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

-----------------EOF-----------------


INFO


Logfile of random's system information tool 1.04 (written by random/random)
Run by admin at 2008-11-23 12:15:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 217 GB (91%) free of 238 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:50, on 23-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\DynDNS Updater\DynUpSvc.exe
C:\Programas\Microsoft SQL Server\MSSQL$PRIEXPRESS\Binn\sqlservr.exe
C:\Programas\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\TeamViewer3\TeamViewer_Host.exe
C:\Programas\TeamViewer3\TeamViewer.exe
C:\Programas\Companion Suite Pro LL\MFPrintServer.exe
C:\Programas\Windows Defender\MSASCui.exe
C:\Programas\Analog Devices\Core\smax4pnp.exe
C:\Programas\Analog Devices\SoundMAX\Smax4.exe
C:\Programas\DVBViewerTE\SkystarIR.exe
C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
C:\Programas\Companion Suite Pro LL\MFServices.exe
C:\Programas\ASUS\AASP\1.00.01\aaCenter.exe
C:\Programas\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Programas\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\ASUS WiFi-AP Solo\RtWLan.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programas\DynDNS Updater\DynTray.exe
C:\Programas\TechniSat DVB\bin\Server4PC.exe
C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\Outlook Express\msimn.exe
C:\Programas\Messenger\msmsgs.exe
C:\Documents and Settings\admin\Ambiente de trabalho\RSIT.exe
C:\Programas\Trend Micro\HijackThis\admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pt.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MFPrintServer_Pro_LL] "C:\Programas\Companion Suite Pro LL\MFPrintServer.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IndexSearch] C:\Programas\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SkystarIR] C:\Programas\DVBViewerTE\SkystarIR.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programas\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MFServices_Pro_LL] "C:\Programas\Companion Suite Pro LL\MFServices.exe" -n
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Programas\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Programas\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Programas\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [VoipStunt] "C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Programas\DynDNS Updater\DynTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Server4PC.lnk = C:\Programas\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: Service Manager.lnk = C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Programas\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/active ... ontrol.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.codificado.tv/onc/nsvplayx_vp3_mp3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Programas\DynDNS Updater\DynUpSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Programas\TeamViewer3\TeamViewer_Host.exe

--
End of file - 10815 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\notepad.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aplicación auxiliar de vínculos de Adobe PDF Reader - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-09 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MFPrintServer_Pro_LL"=C:\Programas\Companion Suite Pro LL\MFPrintServer.exe [2006-05-04 65536]
"Windows Defender"=C:\Programas\Windows Defender\MSASCui.exe [2006-11-03 866584]
"IndexSearch"=C:\Programas\ScanSoft\PaperPort\IndexSearch.exe [2005-02-07 40960]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-13 7557120]
"SSBkgdUpdate"=C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"SoundMAXPnP"=C:\Programas\Analog Devices\Core\smax4pnp.exe [2006-05-18 843776]
"SoundMAX"=C:\Programas\Analog Devices\SoundMAX\Smax4.exe [2006-05-18 729088]
"SkystarIR"=C:\Programas\DVBViewerTE\SkystarIR.exe [2007-08-23 187392]
"PaperPort PTD"=C:\Programas\ScanSoft\PaperPort\pptd40nt.exe [2005-02-07 57393]
"MFServices_Pro_LL"=C:\Programas\Companion Suite Pro LL\MFServices.exe [2006-05-04 335872]
"AsusServiceProvider"=C:\Programas\ASUS\AASP\1.00.01\aaCenter.exe [2006-06-30 582144]
"Ai Nap"=C:\Programas\ASUS\Ai Suite\AiNap\AiNap.exe [2006-07-10 1093632]
"Adobe Reader Speed Launcher"=C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVP"=C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-09-20 222472]
"QuickTime Task"=C:\Programas\QuickTime\qttask.exe [2008-09-06 413696]
"TrojanScanner"=C:\Programas\Trojan Remover\Trjscan.exe [2008-11-19 1234312]
"SunJavaUpdateSched"=C:\Programas\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-02-13 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VoipStunt"=C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe [2007-12-16 8824112]
"H/PC Connection Agent"=C:\Programas\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ccleaner"=C:\Programas\CCleaner\ccleaner.exe [2006-04-28 569344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HUAWEI E620 Data Card]
[]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
ASUS WiFi-AP Solo.lnk - C:\Programas\ASUS WiFi-AP Solo\RtWLan.exe
DynDNS Updater Tray Icon.lnk - C:\Programas\DynDNS Updater\DynTray.exe
Microsoft Office.lnk - C:\Programas\Microsoft Office\Office10\OSA.EXE
Server4PC.lnk - C:\Programas\TechniSat DVB\bin\Server4PC.exe
Service Manager.lnk - C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2007-09-20 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe"="C:\Programas\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\Programas\DVBViewerTE\SkystarIR.exe"="C:\Programas\DVBViewerTE\SkystarIR.exe:*:Enabled:SkystarIR"
"C:\Programas\ProgDVB\ProgDvbNet.exe"="C:\Programas\ProgDVB\ProgDvbNet.exe:*:Enabled:ProgDvbNet"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\DEKOS\dream\programas\DCC\dcc282\DCC.exe"="D:\DEKOS\dream\programas\DCC\dcc282\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\Programas\AdventNet\ME\OpManager\apache\bin\Apache.exe"="C:\Programas\AdventNet\ME\OpManager\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Programas\AdventNet\ME\OpManager\jre\bin\java.exe"="C:\Programas\AdventNet\ME\OpManager\jre\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Programas\AdventNet\ME\OpManager\jre\bin\javaw.exe"="C:\Programas\AdventNet\ME\OpManager\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Programas\Messenger\msmsgs.exe"="C:\Programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programas\Skype\Phone\Skype.exe"="C:\Programas\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Documents and Settings\admin\Ambiente de trabalho\incredimail_install.exe"="C:\Documents and Settings\admin\Ambiente de trabalho\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Programas\IncrediMail\bin\ImApp.exe"="C:\Programas\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Programas\IncrediMail\bin\IncMail.exe"="C:\Programas\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Programas\IncrediMail\bin\ImpCnt.exe"="C:\Programas\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Programas\NetMeeting\conf.exe"="C:\Programas\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"E:\STHIW\stInstall.exe"="E:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"D:\DEKOS\dream\DREMSET\dreamset.exe"="D:\DEKOS\dream\DREMSET\dreamset.exe:*:Enabled:Settings Editor (Enigma 1&2, Neutrino, Triple Dragon)"
"C:\Documents and Settings\admin\Ambiente de trabalho\Nova pasta\dreamset.exe"="C:\Documents and Settings\admin\Ambiente de trabalho\Nova pasta\dreamset.exe:*:Enabled:Settings Editor (Enigma 1&2, Neutrino, Triple Dragon)"
"D:\DEKOS\dream\DREAMSET\dreamset.exe"="D:\DEKOS\dream\DREAMSET\dreamset.exe:*:Enabled:Settings Editor (Enigma 1&2, Neutrino, Triple Dragon)"
"D:\DEKOS\dream\programas\DREAMSET\dreamset.exe"="D:\DEKOS\dream\programas\DREAMSET\dreamset.exe:*:Enabled:Settings Editor (Enigma 1&2, Neutrino, Triple Dragon)"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Executar uma DLL como uma aplicação"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partilha de aplicações RTC"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz"
"C:\Programas\FlightGear\bin\win32\fgfs.exe"="C:\Programas\FlightGear\bin\win32\fgfs.exe:*:Enabled:fgfs"
"C:\Documents and Settings\admin\Ambiente de trabalho\cccamtool\cccamtool.exe"="C:\Documents and Settings\admin\Ambiente de trabalho\cccamtool\cccamtool.exe:*:Enabled:cccamtool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\DEKOS\dream\programas\DreamUP.exe"="D:\DEKOS\dream\programas\DreamUP.exe:*:Enabled:DreamUP"
"D:\DEKOS\dream\programas\neveto\neveto.exe"="D:\DEKOS\dream\programas\neveto\neveto.exe:*:Enabled:neveto"
"C:\Documents and Settings\admin\Definições locais\Temp\ir_ext_temp_0\AutoPlay\Docs\dm500_clone_bomb_checker\dm500_clone_bomb_checker.exe"="C:\Documents and Settings\admin\Definições locais\Temp\ir_ext_temp_0\AutoPlay\Docs\dm500_clone_bomb_checker\dm500_clone_bomb_checker.exe:*:Enabled:dm500_clone_bomb_checker"
"C:\Documents and Settings\admin\Definições locais\Temp\ir_ext_temp_1\AutoPlay\Docs\DCC.exe"="C:\Documents and Settings\admin\Definições locais\Temp\ir_ext_temp_1\AutoPlay\Docs\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Documents and Settings\admin\Ambiente de trabalho\Nova pasta (3)\DCC.exe"="C:\Documents and Settings\admin\Ambiente de trabalho\Nova pasta (3)\DCC.exe:*:Enabled:Dreambox Control Center"
"D:\DEKOS\dream\programas\DCC\DCC 1.93\DCC.exe"="D:\DEKOS\dream\programas\DCC\DCC 1.93\DCC.exe:*:Enabled:Dreambox Control Center"
"C:\Programas\Sapo\SAPO Messenger\sapoim.exe"="C:\Programas\Sapo\SAPO Messenger\sapoim.exe:*:Enabled:Sapo Messenger"
"C:\Programas\NDrive\NDrive Update Agent\NDriveAgent.exe"="C:\Programas\NDrive\NDrive Update Agent\NDriveAgent.exe:*:Enabled:NDrive Update Agent"
"C:\Programas\Microsoft ActiveSync\rapimgr.exe"="C:\Programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programas\Microsoft ActiveSync\wcescomm.exe"="C:\Programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programas\Microsoft ActiveSync\WCESMgr.exe"="C:\Programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programas\Microsoft ActiveSync\rapimgr.exe"="C:\Programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programas\Microsoft ActiveSync\wcescomm.exe"="C:\Programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programas\Microsoft ActiveSync\WCESMgr.exe"="C:\Programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fe40803-cb28-11dc-909d-0018f33f5330}]
shell\Auto\command - F:\RavMon.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2e7560c-8a03-11dc-918d-0018f33f5330}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-11-23 12:12:10 ----D---- C:\rsit
2008-11-23 11:03:36 ----D---- C:\WINDOWS\LastGood
2008-11-21 19:25:06 ----D---- C:\Documents and Settings\All Users\Application Data\MSN6
2008-11-21 19:25:05 ----D---- C:\Documents and Settings\admin\Application Data\MSN6
2008-11-21 19:24:45 ----A---- C:\WINDOWS\msnavpklog.txt
2008-11-21 19:24:37 ----A---- C:\WINDOWS\msnsetuplog.txt
2008-11-21 19:01:16 ----D---- C:\Documents and Settings\admin\Application Data\DivX
2008-11-21 18:59:20 ----D---- C:\Documents and Settings\admin\Application Data\Yahoo!
2008-11-21 18:57:53 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-11-21 18:57:52 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-11-21 18:57:52 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-11-21 18:57:51 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-11-21 18:57:50 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-11-21 18:57:50 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-21 18:57:50 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-11-21 18:57:50 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-11-21 18:57:48 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-11-21 18:57:47 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-11-21 18:57:47 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-11-21 18:57:46 ----N---- C:\WINDOWS\system32\px.dll
2008-11-21 18:55:08 ----D---- C:\Programas\DivX
2008-11-21 13:11:49 ----D---- C:\Documents and Settings\admin\Application Data\Uniblue
2008-11-21 12:13:56 ----D---- C:\Programas\Trend Micro
2008-11-20 16:00:32 ----D---- C:\Programas\CCleaner
2008-11-18 11:47:24 ----D---- C:\MyS2GApp
2008-11-13 12:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 12:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 12:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 12:37:00 ----D---- C:\Programas\MSXML 4.0
2008-10-31 10:29:35 ----D---- C:\Programas\Microsoft ActiveSync
2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 22:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 22:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 22:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-10-24 12:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-23 12:12:16 ----D---- C:\WINDOWS\Prefetch
2008-11-23 12:11:37 ----D---- C:\WINDOWS\Temp
2008-11-23 11:04:31 ----D---- C:\WINDOWS\system32
2008-11-23 11:04:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-23 11:03:37 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-23 11:03:36 ----D---- C:\WINDOWS
2008-11-23 11:02:15 ----SD---- C:\WINDOWS\Tasks
2008-11-23 10:59:37 ----A---- C:\WINDOWS\RTacDbg.txt
2008-11-23 10:59:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-23 10:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-11-22 22:30:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-21 19:54:43 ----RD---- C:\Programas
2008-11-21 19:24:46 ----HD---- C:\WINDOWS\inf
2008-11-21 18:57:55 ----D---- C:\WINDOWS\system32\drivers
2008-11-21 16:50:11 ----D---- C:\WINDOWS\system32\config
2008-11-21 16:10:47 ----SHD---- C:\WINDOWS\Installer
2008-11-21 16:10:47 ----D---- C:\Config.Msi
2008-11-21 16:10:33 ----D---- C:\WINDOWS\WinSxS
2008-11-21 12:15:32 ----SH---- C:\boot.ini
2008-11-21 12:15:32 ----A---- C:\WINDOWS\win.ini
2008-11-21 12:15:32 ----A---- C:\WINDOWS\system.ini
2008-11-21 12:03:56 ----D---- C:\Programas\Security Task Manager
2008-11-21 11:24:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-21 10:28:39 ----D---- C:\WINDOWS\Help
2008-11-20 19:35:28 ----D---- C:\Temp
2008-11-20 19:19:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-20 16:08:27 ----D---- C:\WINDOWS\Debug
2008-11-20 16:08:23 ----D---- C:\WINDOWS\Minidump
2008-11-20 12:36:01 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-19 21:15:04 ----D---- C:\Programas\Trojan Remover
2008-11-18 11:33:10 ----D---- C:\Programas\CataLOG_v0.1
2008-11-18 09:49:49 ----D---- C:\Programas\TeamViewer3
2008-11-13 14:40:50 ----SD---- C:\Documents and Settings\admin\Application Data\Microsoft
2008-11-13 12:38:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-10 22:50:09 ----D---- C:\WINDOWS\network diagnostic
2008-11-10 17:51:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 15:42:15 ----D---- C:\WINDOWS\system32\wbem
2008-10-24 15:31:37 ----D---- C:\Programas\Ficheiros comuns\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 lfxnt;lfxnt; \??\C:\WINDOWS\system32\drivers\lfxnt.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-02 21035]
R2 DLPortIO;DriverLINX Port I/O Driver; \??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS []
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-06-15 142464]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
R3 Arp1394;Protocolo de cliente ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Controlador de Barramento UAA da Microsoft para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 INFUSB;INFUSB; C:\WINDOWS\system32\drivers\infusb.sys [2003-07-07 11520]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 LFXACT;Companion Suite Pro LL F@X activities; C:\WINDOWS\System32\Drivers\LFXACT.sys [2006-05-04 20488]
R3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-13 3642784]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-09-21 5888]
R3 Ser2pl;ATEN USB to Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe de impressoras USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 XMLDIUSB;XML USB Device Interface; C:\WINDOWS\System32\Drivers\XMLDIUSB.sys [2006-05-04 31879]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BthEnum;Serviço enumerador Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-04-20 100992]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 42512]
S3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 176128]
S3 SKYNET;TechniSat DVB-PC TV Star PCI; C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2007-10-01 419344]
S3 usbscan;Controlador de scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 AVP;Kaspersky Internet Security 7.0; C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-09-20 222472]
R2 DynDNS Updater;DynDNS Updater; C:\Programas\DynDNS Updater\DynUpSvc.exe [2008-06-23 65536]
R2 MSSQL$PRIEXPRESS;MSSQL$PRIEXPRESS; C:\Programas\Microsoft SQL Server\MSSQL$PRIEXPRESS\Binn\sqlservr.exe [2008-05-25 9154560]
R2 MSSQL$PRIMAVERA;MSSQL$PRIMAVERA; C:\Programas\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-13 143426]
R2 TeamViewer;TeamViewer 3; C:\Programas\TeamViewer3\TeamViewer_Host.exe [2008-05-15 181544]
R2 WinDefend;Windows Defender; C:\Programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$PRIEXPRESS;SQLAgent$PRIEXPRESS; C:\Programas\Microsoft SQL Server\MSSQL$PRIEXPRESS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 SQLAgent$PRIMAVERA;SQLAgent$PRIMAVERA; C:\Programas\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Pastas Partilhadas do Messenger - USN Journal Reader Service; C:\Programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

-----------------EOF-----------------


REGARDS
lica
Active Member
 
Posts: 4
Joined: November 21st, 2008, 8:35 am

Re: is there any evidence?

Post by Shaba » November 23rd, 2008, 8:29 am

You have now posted log.txt twice.

Please post info.txt from c:\rsit folder :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: is there any evidence?

Post by lica » November 23rd, 2008, 5:28 pm

hi

I apologise for the mistake


here it is

info.txt logfile of random's system information tool 1.04 2008-11-23 22:03:22

======Uninstall list======

-->C:\Programas\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programas\Ficheiros comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Actualização de segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Actualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Actualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Actualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Administrador PRIMAVERA v4.0-->C:\WINDOWS\IsUn0816.exe -f"C:\Programas\PRIMAVERA Software\SGP\COMuninst.isu"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Español-->MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-A81200000003}
Ai Suite-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x9
Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS nVIDIA Driver-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
ASUS WiFi-AP Solo-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
CCcamInfoPHP v0.9-->"C:\Programas\CCcamInfoPHP v0.9\uninstall.exe"
CCleaner (remove only)-->"C:\Programas\CCleaner\uninst.exe"
Companion Suite Pro LL-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{BB919664-CCE8-4217-BEF5-29B82005A4D9}\Setup.exe" -l0x816 -removeonly
Correcção para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
CrystalXI.RDC-->MsiExec.exe /I{6238B0CE-78BC-484C-A145-AB83B7B1447A}
DivX Codec-->C:\Programas\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programas\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programas\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVBViewer Technisat Edition-->"C:\Programas\DVBViewerTE\unins000.exe"
DynDNS Updater-->C:\Programas\DynDNS Updater\Uninstall.exe {1ADAB843-1280-47F9-A4E6-3C5DBCDC4345}
Gestão Comercial PRIMAVERA v4.2-->C:\WINDOWS\IsUn0816.exe -f"C:\Programas\PRIMAVERA Software\SGP\GCPuninst.isu"
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 SP1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110816-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (PRIEXPRESS)-->MsiExec.exe /X{689404D2-1C94-44B3-9203-BEC5594FDA7A}
Microsoft SQL Server Desktop Engine (PRIMAVERA)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neveto 1.4b-->D:\DEKOS\dream\programas\neveto\unins000.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PaperPort-->MsiExec.exe /I{DF4C31CF-0EED-4680-873F-F6AD64E21B46}
PRIMAVERA EXPRESS v6.40-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{A8006C19-0E0D-42A4-89E2-92205CFFC979}\setup.exe" -l0x816 -removeonly
PRIMAVERA PROFESSIONAL - Declarações Fiscais e Oficiais v7.07-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{6D9B3285-598B-4F4F-8966-92734D6467C8}\setup.exe" -l0x816 -removeonly
PRIMAVERA PROFESSIONAL - Logística e Tesouraria v7.05-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{A593A4BA-B22D-4C14-9E22-94CE5D8BFBDD}\setup.exe" -l0x816 -removeonly
PRIMAVERA PROFESSIONAL - Plataforma e Administrador v7.06-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{D19A954F-F213-45DC-90AB-40CD0C5E8E58}\setup.exe" -l0x816 -removeonly
ProgDVB-->C:\Programas\ProgDVB\uninstall.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Programas\Ficheiros comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Task Manager 1.6f-->C:\Programas\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Menu Iniciar\Programas\Security Task Manager"
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly
TeamViewer 3-->C:\Programas\TeamViewer3\uninstall.exe
TechniSat DVB-PC TV Star-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{D032A7F0-8B5C-4603-8B46-235025D5F9C1}\setup.exe" -l0x9 anything -removeonly
Trojan Remover 6.7.4-->"C:\Programas\Trojan Remover\unins000.exe"
Unlocker 1.8.3-->C:\Programas\Unlocker\uninst.exe
VBA 6.3 SDK by Primavera-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{D85681A0-5301-4D79-B213-1B4B68D65B75}\setup.exe" -l0x816
VoipStunt-->"C:\Programas\VoipStunt.com\VoipStunt\unins000.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live installer-->MsiExec.exe /X{0C69F74B-DA6A-4C56-8017-988B7D63993A}
Windows Live Messenger-->MsiExec.exe /X{B98023FD-EC2A-404B-BFC3-49E7ECE4490E}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programas\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Programas\WinRAR\uninstall.exe

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programas\Microsoft SQL Server\80\Tools\Binn\;C:\Programas\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CLASSPATH"=.;C:\Programas\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programas\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
lica
Active Member
 
Posts: 4
Joined: November 21st, 2008, 8:35 am

Re: is there any evidence?

Unread postby Shaba » November 24th, 2008, 3:24 am

Can you describe in which way the computer is running slow?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: is there any evidence?

Unread postby lica » November 24th, 2008, 10:49 am

hi

thanks for your help

I feel that some web pages take a long time to open, mainly this one:

http://www.jornaldenegocios.pt/index.ph ... N_HOMEPAGE

regards and once again thanks for your help
lica
Active Member
 
Posts: 4
Joined: November 21st, 2008, 8:35 am

Re: is there any evidence?

Unread postby Shaba » November 24th, 2008, 11:00 am

Are you sure that the problem isn't on the site's end?

Any other sites that work slow?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: is there any evidence?

Unread postby Shaba » November 29th, 2008, 5:45 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland