Jump to content

jopereira

Honorary Members
  • Posts

    35
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I have gmail accounts, log in to some browser games and log in into school dropbox.. i dont put there bancary info or money regarding stuff so the max thing that the hacker might get is some spam emails lol thanks alot of your time, It's always good to find people like you and btw, I'm finishing 12º about computing, I didn't learn mutch about security, I'm a software programmer anyways, this forum made to want learn this stuff, do you know any website or turtorial where I can learn something about this?
  2. her. system didn't reboot, i still ahve itnernet conenction ComboFix.txt
  3. <p> </p> <div>C:\Qoobox\Quarantine\C\Windows\Installer\{051459fb-50a4-d889-e47e-57281b7548f6}\U\00000004.@.vir<span class="Apple-tab-span" style="white-space:pre"> </span>Win64/Conedex.C trojan</div> <div>C:\Users\Mr Fox\Downloads\Brothersoft_downloader_For_Crashday.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/BSDownloader application</div> <div>C:\Users\Mr Fox\Downloads\DAEMONToolsPro510-0333.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/OpenCandy application</div> <div>C:\Users\Mr Fox\Downloads\SoftonicDownloader_para_bumptop.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/SoftonicDownloader.E application</div> <div>C:\Users\Mr Fox\Downloads\SoftonicDownloader_para_phonelocator-trail.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/SoftonicDownloader.E application</div> <div>D:\Kingston\Cópia de backup_pen\Daemon.Tools.Pro.v4.10.218.0.Advanced.Incl.Patch.rar<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HackTool.Patcher.A application</div> <div>D:\Kingston\Cópia de backup_pen\1 ano\Exercicio do Livro - Linguagem C\prog102.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/KillFiles.NEQ trojan</div> <div>D:\Kingston\Cópia de backup_pen\1 ano\Exercicio do Livro - Linguagem C\prog103.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/KillFiles.NEQ trojan</div> <div>D:\Kingston\Cópia de backup_pen\1 ano\Exercicio do Livro - Linguagem C\prog118.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/KillFiles.NEQ trojan</div> <div>D:\P R O G R A M A S\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE.rar<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Toolbar.AskSBar application</div> <div>D:\P R O G R A M A S\Nitro_PDF_Professional_6.2.1.10_x64.rar<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Keygen.BK application</div> <div>D:\P R O G R A M A S\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE\Setup\Toolbar.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Toolbar.AskSBar application</div> <div>D:\P R O G R A M A S\Nero.Ultra.Edition.v8.0.3.0.MULTILANGUAGE\Setup\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Toolbar.AskSBar application</div> <div>D:\Valve\Fighter FX 7.2\FighterFX.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/GameHack.Q application</div> <div>D:\Valve\Fighter FX 7.2\FighterFX.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/DllInject.N application</div>
  4. Malwarebytes Anti-Malware (Período de Avaliação) 1.65.1.1000 www.malwarebytes.org Versão da base de dados: v2012.12.19.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Mr Fox :: MRFOX-PC [administrador] Protecção: Activada 21-12-2012 15:32:00 mbam-log-2012-12-21 (15-32-00).txt Tipo de pesquisa: Rápida Opções de pesquisa activadas: Memoria | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI Opções de pesquisa desactivadas: P2P Objectos verificados: 211625 Tempo decorrido: 11 minuto(s), 9 segundo(s) Processos de memória Detectados: 0 (Nenhum item malicioso detectado) Módulos de Memória Detectados: 0 (Nenhum item malicioso detectado) Chaves do Registo Detectadas: 0 (Nenhum item malicioso detectado) Valores do Registo Detectados: 0 (Nenhum item malicioso detectado) Itens de dados do Registo Detectados: 0 (Nenhum item malicioso detectado) Pastas Detectadas: 0 (Nenhum item malicioso detectado) Ficheiros Detectados: 0 (Nenhum item malicioso detectado) (fim)
  5. yeiy! I'm writting this post from my "infected pc" now I jsut would like to know if my pc is safe now or is there somethign elso to know I desisntalled avg anti virus and instaled malwarebyte and kaspesky itnernet security 2012 I need to know if I can surf safely in internet on this pc
  6. here is the otl log OTL logfile created on: 21-12-2012 14:08:58 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mr Fox\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy 3,37 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 75,01% Memory free 6,75 Gb Paging File | 5,38 Gb Available in Paging File | 79,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 84,14 Gb Total Space | 17,72 Gb Free Space | 21,06% Space Free | Partition Type: NTFS Drive D: | 195,32 Gb Total Space | 12,53 Gb Free Space | 6,42% Space Free | Partition Type: NTFS Computer Name: MRFOX-PC | User Name: Mr Fox | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mr Fox\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Mr Fox\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) PRC - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) ========== Modules (No Company Name) ========== MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\MACTrackBarLib.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtWebKit4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtWebKit\qmlwebkitplugin.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt_b77a5c561934e089\System.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service 64) -- C:\Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe (Apache Software Foundation) SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (wlidsvc) -- C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-PT IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-12-19 20:14:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-11-16 15:57:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-11-16 15:57:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-13 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Extensions [2012-11-27 23:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions [2012-09-13 18:21:30 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-27 23:36:36 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-19 20:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-12-19 20:15:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru [2012-12-19 20:15:15 | 000,000,000 | ---D | M] (Conselheiro de URLs da Kaspersky) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2012-11-16 15:57:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-09-06 03:23:16 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012-09-06 03:23:16 | 000,001,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priberam.xml [2012-09-06 03:23:16 | 000,002,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sapo.xml [2012-09-06 03:23:16 | 000,000,942 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ptpt.xml ========== Chrome ========== CHR - homepage: http://www.google.pt/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.pt/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Google Update (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: wareztuga.tv streamer = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj\3.4_0\ CHR - Extension: James White = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\ CHR - Extension: YouTube = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Pesquisa do Google = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Pixlr-o-matic = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\ CHR - Extension: AdBlock = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.52_0\ CHR - Extension: Gmail = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012-12-19 17:04:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe File not found O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [bitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [browser Infrastructure Helper] C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mr Fox\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-12-21 13:55:50 | 000,000,000 | ---D | C] -- C:\_OTL [2012-12-20 16:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012-12-20 16:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2012-12-20 13:16:06 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Mr Fox\Desktop\erunt-setup.exe [2012-12-20 10:24:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mr Fox\Desktop\OTL.exe [2012-12-20 01:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-12-19 20:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2012-12-19 20:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012-12-19 20:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012-12-19 20:13:53 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012-12-19 19:10:00 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-12-19 16:45:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012-12-19 16:45:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-12-19 16:45:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012-12-19 16:43:30 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{48B7FA61-8D1D-4014-B6FB-0CFF9C8EE542} [2012-12-19 16:34:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012-12-19 16:32:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-12-19 16:32:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012-12-19 13:48:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mr Fox\Desktop\aswMBR.exe [2012-12-19 12:58:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mr Fox\Desktop\dds.com [2012-12-19 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\Malwarebytes [2012-12-19 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-12-19 12:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-12-19 12:57:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-12-19 12:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-12-18 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Música [2012-12-18 16:10:41 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{EE8FD508-E5B3-4ACF-8DB6-196959C50018} [2012-12-17 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Hardwell [2012-12-17 18:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Afrojack [2012-12-17 08:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Documents\KONAMI [2012-12-17 07:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI [2012-12-17 07:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI [2012-12-17 07:54:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{0955C0CA-954D-4C07-BFFC-C35855B47F99} [2012-12-16 09:48:02 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{DBCF6190-4D70-4A38-9476-1ED5595BA9B0} [2012-12-15 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{11080D91-D531-4546-BF73-F737C3332827} [2012-12-15 12:28:17 | 000,000,000 | R--D | C] -- C:\Users\Mr Fox\Desktop\JOÃO [2012-12-15 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\IMAGENS [2012-12-15 11:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012-12-15 11:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012-12-15 11:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012-12-15 11:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2012-12-15 11:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS4 [2012-12-15 11:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2012-12-15 11:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012-12-15 10:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2012-12-15 09:59:49 | 000,000,000 | ---D | C] -- C:\temp [2012-12-15 09:56:38 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\battleship_v9 [2012-12-14 15:38:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{98DE45EC-E72C-451B-8A2B-B69F14160733} [2012-12-13 18:30:33 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{4DBA1B76-71BC-448D-8950-BBCC5ADC79AF} [2012-12-12 22:19:41 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\SS12_13 [2012-12-12 18:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{E88F6FB8-4FC8-4E5C-A3D8-5EC17E79B143} [2012-12-11 07:30:15 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{36CCA143-BB9B-4ED9-889E-F9DCEAEFD561} [2012-12-10 18:30:23 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{017B298B-F55D-4B2F-BD21-888B2799F820} [2012-12-08 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Cisco Packet Tracer 5.3.3 [2012-12-08 18:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer [2012-12-08 18:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Packet Tracer 5.3.3 [2012-12-08 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\SvM-fds [2012-12-08 18:00:11 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{DA8164C5-5ABD-4808-9BA3-79096790DF2E} [2012-12-07 14:48:59 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{982E790E-B35E-4020-8EAB-11952F1B2A66} [2012-12-06 18:32:19 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{564EFFF2-A244-4DA2-AE8B-BC17425D39E9} [2012-12-05 18:49:22 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{A3217B5A-DE7A-4EE5-BE87-B0F560C3BBBF} [2012-12-04 15:08:17 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{AB1658E3-66CB-4143-A347-02A1EBF14B65} [2012-12-03 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{5BA70093-A411-4DFE-9D97-9950B89B699F} [2012-12-02 12:57:17 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{EF0887C9-4724-4B28-BF24-E19D10C34E95} [2012-12-01 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{6214E485-8D57-4775-B139-AE2331DB54F9} [2012-11-30 15:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{44E89FC2-48F4-4BF4-A71A-D52996B719CF} [2012-11-29 19:31:09 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{D38D2B55-479A-49DA-A362-BFCC4740B912} [2012-11-28 19:36:25 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{F8448C5C-5296-46F2-B7C9-07B38287C0BD} [2012-11-27 15:05:08 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{8E586098-BEAF-4DA1-A69B-4D4DAA7CD950} [2012-11-26 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{7E7B9E68-0CAD-4926-BF29-B51450931A7B} [2012-11-25 12:21:42 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{BBCBCE1D-4549-4677-A124-FC6257B49F7E} [2012-11-24 13:00:37 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{487D922E-43D9-4878-822E-F8F1AADF4ADC} [2012-11-23 15:12:11 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{525C1633-4B8D-4B11-948B-EC1AA153A896} [2012-11-22 18:55:03 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{92FFBFB7-9F07-4D13-978B-769ADD7ADA5D} [2012-11-21 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoftIEHelpers [2012-11-21 21:18:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoft [2012-11-21 21:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012-11-21 21:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012-11-21 21:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012-11-21 18:46:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{E2C74862-BCEF-463A-9377-27C40CF03109} ========== Files - Modified Within 30 Days ========== [2012-12-21 14:08:53 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-21 14:08:53 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-21 14:08:12 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012-12-21 14:08:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-21 13:57:21 | 2717,310,976 | -HS- | M] () -- C:\hiberfil.sys [2012-12-20 16:18:42 | 000,001,104 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012-12-20 16:18:23 | 000,000,905 | ---- | M] () -- C:\Users\Mr Fox\Desktop\ERUNT.lnk [2012-12-20 13:16:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Mr Fox\Desktop\erunt-setup.exe [2012-12-20 11:13:37 | 001,648,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-20 11:13:37 | 000,718,554 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012-12-20 11:13:37 | 000,651,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-12-20 11:13:37 | 000,151,536 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012-12-20 11:13:37 | 000,120,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-20 10:25:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Fox\Desktop\OTL.exe [2012-12-20 09:00:01 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat [2012-12-19 20:47:26 | 000,165,376 | ---- | M] () -- C:\Users\Mr Fox\Desktop\SystemLook_x64.exe [2012-12-19 20:15:30 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2012-12-19 20:15:29 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2012-12-19 20:13:53 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012-12-19 18:15:01 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000UA.job [2012-12-19 17:04:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012-12-19 16:44:46 | 000,001,000 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-12-19 16:44:44 | 000,001,020 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Dropbox.lnk [2012-12-19 13:54:26 | 000,000,512 | ---- | M] () -- C:\Users\Mr Fox\Desktop\MBR.dat [2012-12-19 13:49:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mr Fox\Desktop\aswMBR.exe [2012-12-19 13:19:30 | 000,142,995 | ---- | M] () -- C:\Users\Mr Fox\Desktop\1.png [2012-12-19 12:58:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mr Fox\Desktop\dds.com [2012-12-19 12:57:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-12-19 12:52:13 | 000,508,159 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Sem Título.png [2012-12-18 21:28:26 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000Core.job [2012-12-17 08:11:04 | 000,001,737 | ---- | M] () -- C:\Users\Mr Fox\Desktop\PES - 2012.lnk [2012-12-15 21:48:05 | 003,023,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-12-15 11:23:18 | 000,001,682 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Photoshop.exe - Atalho.lnk [2012-12-15 10:11:31 | 000,001,638 | ---- | M] () -- C:\Users\Mr Fox\Desktop\battleship_v7.sln [2012-12-08 21:05:44 | 000,000,190 | ---- | M] () -- C:\Users\Mr Fox\.packettracer [2012-12-08 18:32:57 | 000,001,243 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Cisco Packet Tracer.lnk [2012-11-27 18:55:29 | 000,001,495 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Visual Studio 2010 - Atalho.lnk [2012-11-22 20:15:12 | 144,600,276 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Rltion.1.09.rar ========== Files Created - No Company Name ========== [2012-12-20 16:18:42 | 000,001,104 | ---- | C] () -- C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012-12-20 16:18:23 | 000,000,905 | ---- | C] () -- C:\Users\Mr Fox\Desktop\ERUNT.lnk [2012-12-20 09:00:01 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat [2012-12-19 20:47:27 | 000,165,376 | ---- | C] () -- C:\Users\Mr Fox\Desktop\SystemLook_x64.exe [2012-12-19 20:15:30 | 000,151,619 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2012-12-19 20:15:29 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2012-12-19 16:45:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-12-19 16:45:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-12-19 16:45:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-12-19 16:45:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-12-19 16:45:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-12-19 13:54:26 | 000,000,512 | ---- | C] () -- C:\Users\Mr Fox\Desktop\MBR.dat [2012-12-19 13:19:30 | 000,142,995 | ---- | C] () -- C:\Users\Mr Fox\Desktop\1.png [2012-12-19 12:57:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-12-19 12:52:13 | 000,508,159 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Sem Título.png [2012-12-17 08:11:04 | 000,001,737 | ---- | C] () -- C:\Users\Mr Fox\Desktop\PES - 2012.lnk [2012-12-15 19:20:06 | 000,001,638 | ---- | C] () -- C:\Users\Mr Fox\Desktop\battleship_v7.sln [2012-12-15 11:23:18 | 000,001,682 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Photoshop.exe - Atalho.lnk [2012-12-08 18:33:48 | 000,000,190 | ---- | C] () -- C:\Users\Mr Fox\.packettracer [2012-12-08 18:32:57 | 000,001,243 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Cisco Packet Tracer.lnk [2012-11-22 19:28:08 | 144,600,276 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Rltion.1.09.rar [2012-09-22 16:12:22 | 001,616,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-08-06 13:31:58 | 000,017,408 | ---- | C] () -- C:\Users\Mr Fox\AppData\Local\WebpageIcons.db [2012-08-06 12:29:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2012-12-19 16:32:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{051459fb-50a4-d889-e47e-57281b7548f6}\L [2012-12-19 16:32:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{051459fb-50a4-d889-e47e-57281b7548f6}\U [2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  7. still no internet, but here is the log All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_USERS\S-1-5-21-4020319423-4195463559-611360456-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Prefs.js: "Web Search" removed from browser.search.selectedEngine Prefs.js: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=hp&babsrc=lnkry" removed from browser.startup.homepage Prefs.js: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q=" removed from keyword.URL C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com\components folder moved successfully. C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully. C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com\chrome\images folder moved successfully. C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com\chrome folder moved successfully. C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com folder moved successfully. C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\searchplugins\Web Search.xml moved successfully. C:\Users\Mr Fox\AppData\Roaming\Babylon folder moved successfully. C:\Users\Mr Fox\AppData\Roaming\OpenCandy\OpenCandy_8809B49A3DF64006A591ABA7A6355FF3 folder moved successfully. C:\Users\Mr Fox\AppData\Roaming\OpenCandy\8809B49A3DF64006A591ABA7A6355FF3 folder moved successfully. C:\Users\Mr Fox\AppData\Roaming\OpenCandy folder moved successfully. ========== FILES ========== < copy C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sysC:\Windows\System32\drivers\AFD.SYS /c > C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sysC:\Windows\System32\drivers\AFD.SYS 0 ficheiro(s) copiado(s). C:\Users\Mr Fox\Desktop\cmd.bat deleted successfully. C:\Users\Mr Fox\Desktop\cmd.txt deleted successfully. < ​ipconfig /flushdns /c > C:\Users\Mr Fox\Desktop\cmd.bat deleted successfully. C:\Users\Mr Fox\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mr Fox ->Temp folder emptied: 1863456 bytes ->Temporary Internet Files folder emptied: 2089478 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 129171871 bytes ->Google Chrome cache emptied: 241713236 bytes ->Flash cache emptied: 506 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 51349 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46427580 bytes RecycleBin emptied: 212675960 bytes Total Files Cleaned = 605,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12212012_135550 Files\Folders moved on Reboot... C:\Users\Mr Fox\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  8. no icant copy anything in quote text write it like a normal post, no quotes
  9. can you please re-post the quote u have out of it, lile normal post? i cant copy that white my phone btw, is the virus thing solved or would it be better anyway to format the pc?
  10. OTL logfile created on: 20-12-2012 10:50:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mr Fox\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy 3,37 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 78,99% Memory free 6,75 Gb Paging File | 5,48 Gb Available in Paging File | 81,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 84,14 Gb Total Space | 17,32 Gb Free Space | 20,58% Space Free | Partition Type: NTFS Drive D: | 195,32 Gb Total Space | 12,53 Gb Free Space | 6,42% Space Free | Partition Type: NTFS Drive G: | 1,90 Gb Total Space | 0,67 Gb Free Space | 35,30% Space Free | Partition Type: FAT32 Computer Name: MRFOX-PC | User Name: Mr Fox | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mr Fox\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Mr Fox\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) ========== Modules (No Company Name) ========== MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\MACTrackBarLib.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll () MOD - C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtWebKit4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtWebKit\qmlwebkitplugin.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt_b77a5c561934e089\System.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service 64) -- C:\Programas\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe (Apache Software Foundation) SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (wlidsvc) -- C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-PT IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=hp&babsrc=lnkry" FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?publisher=OC&dpid=OC&co=PT&userid=71e3e8cf-fb27-464f-ad5c-9d7df577e835&affid=111583&searchtype=ds&babsrc=lnkry&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-12-19 20:14:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-11-16 15:57:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-11-16 15:57:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-13 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Extensions [2012-11-27 23:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions [2012-11-27 23:30:28 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Mr Fox\AppData\Roaming\mozilla\Firefox\Profiles\2vzxlubo.default\extensions\helperbar@helperbar.com [2012-09-13 18:21:30 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-27 23:36:36 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-12-16 21:18:11 | 000,002,455 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\mozilla\firefox\profiles\2vzxlubo.default\searchplugins\Web Search.xml [2012-12-19 20:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012-12-19 20:15:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru [2012-12-19 20:15:15 | 000,000,000 | ---D | M] (Conselheiro de URLs da Kaspersky) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2012-11-16 15:57:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-09-06 03:23:16 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012-09-06 03:23:16 | 000,001,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priberam.xml [2012-09-06 03:23:16 | 000,002,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sapo.xml [2012-09-06 03:23:16 | 000,000,942 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ptpt.xml ========== Chrome ========== CHR - homepage: http://www.google.pt/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.pt/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Google Update (Enabled) = C:\Users\Mr Fox\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: wareztuga.tv streamer = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj\3.4_0\ CHR - Extension: James White = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\ CHR - Extension: YouTube = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Pesquisa do Google = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Pixlr-o-matic = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\ CHR - Extension: AdBlock = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.52_0\ CHR - Extension: Gmail = C:\Users\Mr Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012-12-19 17:04:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe File not found O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000..\Run: [bitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000..\Run: [browser Infrastructure Helper] C:\Users\Mr Fox\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) O4 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mr Fox\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4020319423-4195463559-611360456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-11-22 16:53:20 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-12-20 10:24:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mr Fox\Desktop\OTL.exe [2012-12-20 01:18:11 | 001,461,035 | ---- | C] (Farbar) -- C:\Users\Mr Fox\Desktop\FRST64.exe [2012-12-20 01:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-12-19 20:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2012-12-19 20:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012-12-19 20:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012-12-19 20:13:53 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012-12-19 20:01:03 | 000,697,869 | ---- | C] (Farbar) -- C:\Users\Mr Fox\Desktop\FSS.exe [2012-12-19 19:10:00 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012-12-19 18:11:15 | 145,618,136 | ---- | C] (Kaspersky Lab) -- C:\Users\Mr Fox\Desktop\kis12.0.0.374pt_pt.exe [2012-12-19 18:03:46 | 058,676,470 | ---- | C] (Kaspersky Lab) -- C:\Users\Mr Fox\Desktop\Não confirmado 91230.crdownload [2012-12-19 16:45:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012-12-19 16:45:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012-12-19 16:45:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012-12-19 16:43:30 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{48B7FA61-8D1D-4014-B6FB-0CFF9C8EE542} [2012-12-19 16:34:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012-12-19 16:32:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-12-19 16:32:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012-12-19 16:29:41 | 005,012,372 | R--- | C] (Swearware) -- C:\Users\Mr Fox\Desktop\ComboFix.exe [2012-12-19 13:48:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mr Fox\Desktop\aswMBR.exe [2012-12-19 12:58:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mr Fox\Desktop\dds.com [2012-12-19 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\Malwarebytes [2012-12-19 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-12-19 12:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-12-19 12:57:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012-12-19 12:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012-12-18 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Música [2012-12-18 16:10:41 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{EE8FD508-E5B3-4ACF-8DB6-196959C50018} [2012-12-17 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Hardwell [2012-12-17 18:19:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\Afrojack [2012-12-17 08:07:58 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Documents\KONAMI [2012-12-17 07:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI [2012-12-17 07:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI [2012-12-17 07:54:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{0955C0CA-954D-4C07-BFFC-C35855B47F99} [2012-12-16 09:48:02 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{DBCF6190-4D70-4A38-9476-1ED5595BA9B0} [2012-12-15 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{11080D91-D531-4546-BF73-F737C3332827} [2012-12-15 12:28:17 | 000,000,000 | R--D | C] -- C:\Users\Mr Fox\Desktop\JOÃO [2012-12-15 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\IMAGENS [2012-12-15 11:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012-12-15 11:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012-12-15 11:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2012-12-15 11:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2012-12-15 11:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS4 [2012-12-15 11:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2012-12-15 11:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012-12-15 10:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2012-12-15 09:59:49 | 000,000,000 | ---D | C] -- C:\temp [2012-12-15 09:56:38 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\battleship_v9 [2012-12-14 15:38:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{98DE45EC-E72C-451B-8A2B-B69F14160733} [2012-12-13 18:30:33 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{4DBA1B76-71BC-448D-8950-BBCC5ADC79AF} [2012-12-12 22:19:41 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\SS12_13 [2012-12-12 18:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{E88F6FB8-4FC8-4E5C-A3D8-5EC17E79B143} [2012-12-11 07:30:15 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{36CCA143-BB9B-4ED9-889E-F9DCEAEFD561} [2012-12-10 18:30:23 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{017B298B-F55D-4B2F-BD21-888B2799F820} [2012-12-08 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Cisco Packet Tracer 5.3.3 [2012-12-08 18:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer [2012-12-08 18:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Packet Tracer 5.3.3 [2012-12-08 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\Desktop\SvM-fds [2012-12-08 18:00:11 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{DA8164C5-5ABD-4808-9BA3-79096790DF2E} [2012-12-07 14:48:59 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{982E790E-B35E-4020-8EAB-11952F1B2A66} [2012-12-06 18:32:19 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{564EFFF2-A244-4DA2-AE8B-BC17425D39E9} [2012-12-05 18:49:22 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{A3217B5A-DE7A-4EE5-BE87-B0F560C3BBBF} [2012-12-04 15:08:17 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{AB1658E3-66CB-4143-A347-02A1EBF14B65} [2012-12-03 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{5BA70093-A411-4DFE-9D97-9950B89B699F} [2012-12-02 12:57:17 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{EF0887C9-4724-4B28-BF24-E19D10C34E95} [2012-12-01 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{6214E485-8D57-4775-B139-AE2331DB54F9} [2012-11-30 15:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{44E89FC2-48F4-4BF4-A71A-D52996B719CF} [2012-11-29 19:31:09 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{D38D2B55-479A-49DA-A362-BFCC4740B912} [2012-11-28 19:36:25 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{F8448C5C-5296-46F2-B7C9-07B38287C0BD} [2012-11-27 15:05:08 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{8E586098-BEAF-4DA1-A69B-4D4DAA7CD950} [2012-11-26 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{7E7B9E68-0CAD-4926-BF29-B51450931A7B} [2012-11-25 12:21:42 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{BBCBCE1D-4549-4677-A124-FC6257B49F7E} [2012-11-24 13:00:37 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{487D922E-43D9-4878-822E-F8F1AADF4ADC} [2012-11-23 15:12:11 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{525C1633-4B8D-4B11-948B-EC1AA153A896} [2012-11-22 18:55:03 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{92FFBFB7-9F07-4D13-978B-769ADD7ADA5D} [2012-11-21 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoftIEHelpers [2012-11-21 21:18:51 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoft [2012-11-21 21:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012-11-21 21:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012-11-21 21:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012-11-21 18:46:10 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{E2C74862-BCEF-463A-9377-27C40CF03109} [2012-11-20 15:08:15 | 000,000,000 | ---D | C] -- C:\Users\Mr Fox\AppData\Local\{C4F4928F-B755-4CE0-917C-B264A42D004E} ========== Files - Modified Within 30 Days ========== [2012-12-20 10:51:57 | 001,648,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012-12-20 10:51:57 | 000,718,554 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012-12-20 10:51:57 | 000,651,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012-12-20 10:51:57 | 000,151,536 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012-12-20 10:51:57 | 000,120,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012-12-20 10:46:59 | 000,196,608 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012-12-20 10:46:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-20 10:25:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mr Fox\Desktop\OTL.exe [2012-12-20 09:07:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-20 09:07:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-20 09:00:37 | 2717,310,976 | -HS- | M] () -- C:\hiberfil.sys [2012-12-20 09:00:01 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat [2012-12-20 01:18:10 | 001,461,035 | ---- | M] (Farbar) -- C:\Users\Mr Fox\Desktop\FRST64.exe [2012-12-19 20:47:26 | 000,165,376 | ---- | M] () -- C:\Users\Mr Fox\Desktop\SystemLook_x64.exe [2012-12-19 20:15:30 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2012-12-19 20:15:29 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2012-12-19 20:13:53 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012-12-19 20:01:02 | 000,697,869 | ---- | M] (Farbar) -- C:\Users\Mr Fox\Desktop\FSS.exe [2012-12-19 18:19:01 | 145,618,136 | ---- | M] (Kaspersky Lab) -- C:\Users\Mr Fox\Desktop\kis12.0.0.374pt_pt.exe [2012-12-19 18:15:01 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000UA.job [2012-12-19 18:07:49 | 058,676,470 | ---- | M] (Kaspersky Lab) -- C:\Users\Mr Fox\Desktop\Não confirmado 91230.crdownload [2012-12-19 17:04:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012-12-19 16:44:46 | 000,001,000 | ---- | M] () -- C:\Users\Mr Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-12-19 16:44:44 | 000,001,020 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Dropbox.lnk [2012-12-19 16:30:05 | 005,012,372 | R--- | M] (Swearware) -- C:\Users\Mr Fox\Desktop\ComboFix.exe [2012-12-19 13:54:26 | 000,000,512 | ---- | M] () -- C:\Users\Mr Fox\Desktop\MBR.dat [2012-12-19 13:49:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mr Fox\Desktop\aswMBR.exe [2012-12-19 13:19:30 | 000,142,995 | ---- | M] () -- C:\Users\Mr Fox\Desktop\1.png [2012-12-19 12:58:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mr Fox\Desktop\dds.com [2012-12-19 12:57:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-12-19 12:52:13 | 000,508,159 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Sem Título.png [2012-12-18 21:28:26 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4020319423-4195463559-611360456-1000Core.job [2012-12-17 08:11:04 | 000,001,737 | ---- | M] () -- C:\Users\Mr Fox\Desktop\PES - 2012.lnk [2012-12-15 21:48:05 | 003,023,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012-12-15 11:23:18 | 000,001,682 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Photoshop.exe - Atalho.lnk [2012-12-15 10:11:31 | 000,001,638 | ---- | M] () -- C:\Users\Mr Fox\Desktop\battleship_v7.sln [2012-12-08 21:05:44 | 000,000,190 | ---- | M] () -- C:\Users\Mr Fox\.packettracer [2012-12-08 18:32:57 | 000,001,243 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Cisco Packet Tracer.lnk [2012-11-27 18:55:29 | 000,001,495 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Visual Studio 2010 - Atalho.lnk [2012-11-22 20:15:12 | 144,600,276 | ---- | M] () -- C:\Users\Mr Fox\Desktop\Rltion.1.09.rar ========== Files Created - No Company Name ========== [2012-12-20 09:00:01 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat [2012-12-19 20:47:27 | 000,165,376 | ---- | C] () -- C:\Users\Mr Fox\Desktop\SystemLook_x64.exe [2012-12-19 20:15:30 | 000,151,619 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2012-12-19 20:15:29 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2012-12-19 16:45:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-12-19 16:45:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-12-19 16:45:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-12-19 16:45:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-12-19 16:45:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-12-19 13:54:26 | 000,000,512 | ---- | C] () -- C:\Users\Mr Fox\Desktop\MBR.dat [2012-12-19 13:19:30 | 000,142,995 | ---- | C] () -- C:\Users\Mr Fox\Desktop\1.png [2012-12-19 12:57:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-12-19 12:52:13 | 000,508,159 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Sem Título.png [2012-12-17 08:11:04 | 000,001,737 | ---- | C] () -- C:\Users\Mr Fox\Desktop\PES - 2012.lnk [2012-12-15 19:20:06 | 000,001,638 | ---- | C] () -- C:\Users\Mr Fox\Desktop\battleship_v7.sln [2012-12-15 11:23:18 | 000,001,682 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Photoshop.exe - Atalho.lnk [2012-12-08 18:33:48 | 000,000,190 | ---- | C] () -- C:\Users\Mr Fox\.packettracer [2012-12-08 18:32:57 | 000,001,243 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Cisco Packet Tracer.lnk [2012-11-22 19:28:08 | 144,600,276 | ---- | C] () -- C:\Users\Mr Fox\Desktop\Rltion.1.09.rar [2012-09-22 16:12:22 | 001,616,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-08-06 13:31:58 | 000,017,408 | ---- | C] () -- C:\Users\Mr Fox\AppData\Local\WebpageIcons.db [2012-08-06 12:29:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2012-12-19 16:32:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{051459fb-50a4-d889-e47e-57281b7548f6}\L [2012-12-19 16:32:55 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{051459fb-50a4-d889-e47e-57281b7548f6}\U [2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012-09-21 14:19:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012-09-21 14:19:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012-10-25 22:01:17 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\AC3Filter [2012-08-06 18:09:38 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Babylon [2012-12-20 09:30:41 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\BitTorrent [2012-08-12 18:59:45 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\BSplayer [2012-08-06 17:48:52 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\BSplayer Pro [2012-08-21 21:46:11 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Bump Technologies, Inc [2012-09-22 16:01:25 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\DAEMON Tools Pro [2012-12-20 10:48:18 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Dropbox [2012-11-21 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoft [2012-11-21 21:18:52 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\DVDVideoSoftIEHelpers [2012-10-24 23:22:43 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Firefly Studios [2012-08-06 15:00:36 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\InterTrust [2012-10-19 14:58:11 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Notepad++ [2012-09-22 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\OpenCandy [2012-09-06 09:08:06 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\TuneUp Software [2012-08-21 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\Mr Fox\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report >
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.