Unable to connect except via proxy


Post by gdot » July 19th, 2008, 8:09 am

Hi.

Brand new to the forum, I find I can't access it directly; only via a proxy server (right now, Anonymouse) does the page show.

Entering "http://www.malwareremoval.com" or "http://forum.malwareremoval.com/" either in FF or IE brings a strange error (not the usual 404): "The network link was interrupted while negotiating a connection. Please try again".

After 3 days trying, I decided to go via proxy.

TIA
Abçs.
g.

-----------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:00:08, on 19/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE
C:\Arquivos de programas\TweakRAM\TweakRAM.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ProcessExplorer_11.11\procexp.exe
C:\Arquivos de programas\Qualcomm\Eudora\Eudora.exe
C:\Arquivos de programas\EyeLoveU 3.5\ELU.exe
C:\Arquivos de programas\GridMove\GridMove.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\FlashGet\flashget.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://google.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.com.br
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [OOCCCTRL.EXE] "C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
O4 - HKCU\..\Run: [TweakRAM] C:\Arquivos de programas\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: EyeLoveU.lnk.disabled
O4 - Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
O4 - Global Startup: EyeLoveU.lnk.disabled
O4 - Global Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0274552997
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8130972218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/p ... ginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Network Time Protocol Daemon (NTP) - Unknown owner - C:\Arquivos de programas\NTP\bin\ntpd.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9215 bytes
gdot
Active Member
 
Posts: 9
Joined: July 19th, 2008, 7:50 am
Location: Rio de Janeiro, Brazil

Re: Unable to connect except via proxy

Post by Katana » July 22nd, 2008, 6:21 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.


----------------------------------------------------------------------------------------


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper




Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Unable to connect except via proxy

Post by gdot » July 22nd, 2008, 9:56 am

Hi Katana. Thanks for your support.

FWIW, the only issue is I can't reach Malwareremoval directly (timeout error), but only via proxy (using Anonymouse for this communication).

SpyBot S&D, MalwareBytes' AntiMalware, SpywareBlaster, SpywareGuard, avast! AV up and running resident. Also, I'm one of the believers that "there's no place like 127.0.0.1" and use mvps.org's hosts list.

SpyBot S&D and MalwareBytes' AntiMalware report me as clean.

COMBOFIX

Re-installed Windows Security Mode (just to make sure I had the latest version) downloaded and ran ComboFix, following the instructions in <http://www.bleepingcomputer.com/combofix/how-to-use-combofix>.

The scan started normally and went until the "ComboFix changed clock settings (...) will be restored later" message. About 10 sec after, all desktop icons, status bar, toolbar, systray etc. disappeared, leaving only the wallpaper and the ComboFix screen. Shortly after, the monitor turned into a mess of blurred blue rectangles (I was unable to update via proxy, but you can see a picture of the monitor at:
<http://www.transconsult.com.br/StallScreen_small.JPG> 59kB
or, in case you need a detailed look, :D
<http://www.transconsult.com.br/StallScreen_big.JPG> 1.5Mb).

StallScreen_small.JPG


The puter apparently stalled -- although the fan at full throttle could lead one to suspect intense processor activity going on.

After taking the picture, I powered off by brute force (via the power button), powered on, and the machine booted as usual -- no chkdsk, no "advanced boot options" screen. A smooth, normal, fresh boot.

Re-launched ComboFix, which appeared to resume analysis (skipped the few initial steps -- including the "run at your own risk" warning -- and went straight to registry backup); the same stall took place. This time I ignored the stall and nagging screen and left the puter on (again, the only sign of activity was the full-throttle fan) running for about 75 min.

Powered off and on and collected a new HijackThis scan report and the "installed programs" log you requested.

TIA & Regards.
g.

--- HJ this installed programs log---
Adobe Acrobat 8.1.2 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
AIKO 76E
Arquivo do WinRAR
Atualização de Segurança para o Windows Media Player 11 (KB936782)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB950759)
Atualização de Segurança para Windows XP (KB923789)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB950760)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB951376)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951698)
Atualização de Segurança para Windows XP (KB951748)
Atualização para Windows XP (KB951978)
Avanquest update
avast! Antivirus
Babylon
Better File Rename 5.1
Cliente do Windows Rights Management com Service Pack 2
Compatibilidade com Versões Anteriores do Cliente do Windows Rights Management SP2
Conexant HD Audio
CoolSMS 2.06 beta
CrossLoop 2.20
CuteFTP 8 Professional
Deja Vu X
Diskeeper 2008 Pro Premier
Eudora
EyeLoveU 3.5.4
FlashGet(JetCar)
Fresh RAM
Google Earth
GridMove V1.19.53
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows Internet Explorer 7 (KB947864)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HP USB Disk Storage Format Tool
Java(TM) 6 Update 5
jv16 PowerTools 2008
Leitor Digital 2.1.1
LogMeIn
Magic ISO Maker v5.5 (build 0261)
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - PTB
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edição 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (2.0.0.14)
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 8
neroxml
Network Time Protocol
O&O CleverCache
Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0
Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card
palmOne
Panda ActiveScan 2.0
PDF Password Remover v3.0
PhotoScape
Power Manager 2.2.1
RealPlayer
ScanSoft OmniPage 16
ScanSoft PDF Create! 4
SDL TRADOS 7 Freelance
SDLX
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype™ 3.8
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
SpywareGuard v2.2
The Bat! Professional v4.0.20
Total Uninstall 4.8.0
Trillian
TweakRAM
VCRedistSetup
VeryPDF PDF2Word v3.0
VIA Gerenciador de dispositivo de plataforma
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver 6.14.10.0078
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (PTB)
Windows Workflow Foundation BR Language Pack
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0
--------------------------------

--- HJThis "usual" log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37, on 2008-07-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE
C:\Arquivos de programas\TweakRAM\TweakRAM.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ProcessExplorer_11.11\procexp.exe
C:\Arquivos de programas\Qualcomm\Eudora\Eudora.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\GridMove\GridMove.exe
C:\Arquivos de programas\EyeLoveU 3.5\ELU.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\Arquivos de programas\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe
C:\Arquivos de programas\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://google.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.com.br
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [OOCCCTRL.EXE] "C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
O4 - HKCU\..\Run: [TweakRAM] C:\Arquivos de programas\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: EyeLoveU.lnk.disabled
O4 - Global Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0274552997
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8130972218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/p ... ginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Network Time Protocol Daemon (NTP) - Unknown owner - C:\Arquivos de programas\NTP\bin\ntpd.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9456 bytes
gdot
Active Member
 
Posts: 9
Joined: July 19th, 2008, 7:50 am
Location: Rio de Janeiro, Brazil
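
A hosts-file override is one of the first things to audit when a single site times out while everything else loads, and HijackThis reports the machine's hosts entries in its O1 section (the log above shows one: 127.255.255.255 serial.alcohol-soft.com, an address inside the loopback range). The script below is an added example, not part of this thread or of HijackThis itself: it parses a HijackThis log, flags O1 entries that send a hostname to a loopback or 0.0.0.0 address, and diffs two logs from the same machine to show what appeared or disappeared between scans. The two log excerpts embedded in it are constructed from lines quoted in this thread, and the function names are my own.

```python
"""Audit HijackThis 2.0 logs: hosts-file overrides and log-to-log diffs.

Added example, not part of the forum thread or of HijackThis. The two log
excerpts at the bottom are constructed from lines quoted in the thread.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Set, Tuple

# A HijackThis entry line: section code, " - ", body (e.g. "O23 - Service: ...").
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_hjt_log(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split a HijackThis log into its running-process list and entries by section."""
    processes: List[str] = []
    entries: Dict[str, List[str]] = {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # the process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.setdefault(match.group(1), []).append(match.group(2))
    return processes, entries


def parse_hosts_lines(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Parse hosts-file syntax ("address name [name...]", '#' comments) into (name, address) pairs."""
    pairs: List[Tuple[str, str]] = []
    for raw in lines:
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            pairs.extend((name.lower(), fields[0]) for name in fields[1:])
    return pairs


def blackholed(pairs: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Keep only names mapped to loopback (127/8, ::1) or unspecified (0.0.0.0) addresses."""
    kept: List[Tuple[str, str]] = []
    for name, addr in pairs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an IP address at all; hosts files tolerate junk lines
        if ip.is_loopback or ip.is_unspecified:
            kept.append((name, addr))
    return kept


def hosts_overrides(entries: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Black-holed names from the O1 (hosts file) section of a parsed HijackThis log."""
    hosts_lines = [body[len("Hosts:"):] for body in entries.get("O1", []) if body.startswith("Hosts:")]
    return blackholed(parse_hosts_lines(hosts_lines))


def is_blackholed(entries: Dict[str, List[str]], hostname: str) -> bool:
    """True if the log's hosts entries send this exact hostname to loopback/0.0.0.0."""
    return any(name == hostname.lower() for name, _ in hosts_overrides(entries))


def diff_logs(old_text: str, new_text: str) -> Dict[str, Set[str]]:
    """Report what appeared or disappeared between two logs from the same machine."""
    old_procs, old_entries = parse_hjt_log(old_text)
    new_procs, new_entries = parse_hjt_log(new_text)

    def flat(entries: Dict[str, List[str]]) -> Set[str]:
        return {f"{code} - {body}" for code, bodies in entries.items() for body in bodies}

    return {
        "processes_added": set(new_procs) - set(old_procs),
        "processes_removed": set(old_procs) - set(new_procs),
        "entries_added": flat(new_entries) - flat(old_entries),
        "entries_removed": flat(old_entries) - flat(new_entries),
    }


# Constructed excerpts of the 19 July and 22 July logs quoted in the thread.
LOG_JULY_19 = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O4 - Startup: EyeLoveU.lnk.disabled
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

LOG_JULY_22 = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    _, entries = parse_hjt_log(LOG_JULY_19)
    print("black-holed by hosts file:", hosts_overrides(entries))
    print("forum.malwareremoval.com black-holed?", is_blackholed(entries, "forum.malwareremoval.com"))
    for key, values in diff_logs(LOG_JULY_19, LOG_JULY_22).items():
        print(key, sorted(values))
```

The hosts check is exact-match only, because that is how the resolver treats the hosts file: an entry for www.example.com says nothing about forum.example.com, so a site that "times out" needs each hostname it actually uses checked in turn. The diff is what a helper reading the two logs in this thread does by eye; run over the full logs it would show the Malwarebytes service and tray process appearing and the per-user EyeLoveU startup entry disappearing between the two scans.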

Re: Unable to connect except via proxy

Post by gdot » July 22nd, 2008, 9:59 am

:?: I now see that, despite the error message, the picture made its way through... :?:
gdot
Active Member
 
Posts: 9
Joined: July 19th, 2008, 7:50 am
Location: Rio de Janeiro, Brazil

Re: Unable to connect except via proxy

Post by Katana » July 22nd, 2008, 10:11 am

Disable Teatimer
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (it shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.


Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Unable to connect except via proxy

Post by gdot » July 22nd, 2008, 11:48 am

Hi, Katana.

Again, thanks for the prompt attention.

I had followed the instructions on the "how to use ComboFix" webpage and had already killed all unnecessary running processes -- including AV and antispy, hence SpyBot & TeaTimer -- before running ComboFix the first time.

Still stuck at the blue screen (managed to get a log: "INVALID_KERNEL_HANDLE" and a STOP note with a bunch of 0X000??? values that vary each time ComboFix stalls).

As the stall happens just after CFix changes the clock, I disabled automatic clock adjustment -- also useless.

Also, running it with /killall didn't seem to change the behavior -- the "use at your own risk" warning etc. are skipped and the program goes straight to registry backup.

TIA.
Abçs.
g.
gdot
Active Member
 
Posts: 9
Joined: July 19th, 2008, 7:50 am
Location: Rio de Janeiro, Brazil

Re: Unable to connect except via proxy

Post by Katana » July 22nd, 2008, 12:08 pm

Very curious ???



Download and Run SD Fix

Please download SDFix (by andymanchesta) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Deckard's System Scanner (DSS)

Please download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Unable to conect except via proxy

Unread postby gdot » July 22nd, 2008, 1:15 pm

Problem solved. Although SDFix did not find any trojans, I'm now able to connect to malwareremoval directly.

Regards.
g.

----------------------------
SDFix: Version 1.207
Run by Guilherme on 2008-07-22 at 13:48

Microsoft Windows XP [versÆo 5.1.2600]
Running From: C:\DOCUME~1\GUILHE~1\Desktop\SDFix\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 13:56:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=str(2):"C:\ARQUIV~1\GbPlugin\GbpSv.exe"
"DisplayName"="Gbp Service"
"Group"="GbPlugin Group"
"ObjectName"="LocalSystem"
"Description"="Service for G-Buster Browser Defense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv\Security]
"Security"=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c2,b7,54,6b,0a,8c,c3,48,64,87,dc,8a,51,ab,e6,80,7f,02,e1,bc,31,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:9c,78,8c,8b,c9,ff,74,ea,81,cb,f6,41,6b,a0,99,7a,3b,67,96,01,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\GbpSv]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=str(2):"C:\ARQUIV~1\GbPlugin\GbpSv.exe"
"DisplayName"="Gbp Service"
"Group"="GbPlugin Group"
"ObjectName"="LocalSystem"
"Description"="Service for G-Buster Browser Defense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\GbpSv\Security]
"Security"=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:c2,b7,54,6b,0a,8c,c3,48,64,87,dc,8a,51,ab,e6,80,7f,02,e1,bc,31,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000052
"TracesSuccessful"=dword:00000006
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
source file error: C:\Documents and Settings\Guilherme\ntuser.dat

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\Trillian\\trillian.exe"="C:\\Arquivos de programas\\Trillian\\trillian.exe:*:Enabled:Trillian"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"="C:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\\Arquivos de programas\\CrossLoop\\CrossLoopConnect.exe"="C:\\Arquivos de programas\\CrossLoop\\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing"
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\HTTPCaller.exe"="C:\\WINDOWS\\system32\\HTTPCaller.exe:*:Enabled:Unopar - Componente de chamada HTTP"

Remaining Files :



Files with Hidden Attributes :

Thu 8 May 2008 293 A.SHR --- "C:\BOOT.BAK"
Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Sun 13 Apr 2008 60,416 A.SH. --- "C:\Arquivos de programas\Outlook Express\msimn.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sun 13 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0011.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0065.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0078.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0083.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0098.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0188.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0287.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0348.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0349.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0358.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0438.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0492.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0554.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0645.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0756.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0858.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0907.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD0953.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1011.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1149.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1193.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1209.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1262.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1398.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1406.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1451.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1488.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1519.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1535.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1571.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1596.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1712.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1840.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1851.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1872.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD1966.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2037.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2131.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2133.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2170.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2278.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2292.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2300.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2338.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2416.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2447.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2459.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2471.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2487.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2637.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2649.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2720.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2755.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2816.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2865.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2875.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2888.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2896.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2926.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2928.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD2973.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3210.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3246.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3261.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3283.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3376.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3388.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3410.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3413.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3470.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3471.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3543.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3555.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3674.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3675.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3685.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3703.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3753.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3782.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3784.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3845.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3848.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3856.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3881.tmp"
Mon 12 May 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3905.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3970.tmp"
Sun 6 Jul 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD3993.tmp"
Mon 16 Jun 2008 162 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~$RD4024.tmp"
Mon 16 Jun 2008 4,738,048 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0011.tmp"
Mon 16 Jun 2008 5,056,000 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0065.tmp"
Mon 16 Jun 2008 5,270,528 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0078.tmp"
Mon 12 May 2008 27,068,928 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0083.tmp"
Mon 16 Jun 2008 5,021,184 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0098.tmp"
Mon 16 Jun 2008 5,277,696 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0188.tmp"
Mon 16 Jun 2008 5,090,304 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0287.tmp"
Mon 12 May 2008 13,715,968 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0348.tmp"
Mon 12 May 2008 26,066,944 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0349.tmp"
Mon 16 Jun 2008 4,965,376 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0438.tmp"
Mon 16 Jun 2008 5,288,448 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0492.tmp"
Mon 16 Jun 2008 5,050,880 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0554.tmp"
Mon 16 Jun 2008 5,276,160 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0645.tmp"
Mon 16 Jun 2008 5,109,248 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0756.tmp"
Mon 16 Jun 2008 5,302,784 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0858.tmp"
Mon 16 Jun 2008 5,015,552 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0907.tmp"
Mon 16 Jun 2008 5,307,392 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD0953.tmp"
Mon 16 Jun 2008 5,043,712 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1011.tmp"
Mon 16 Jun 2008 5,126,656 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1193.tmp"
Mon 16 Jun 2008 4,986,368 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1209.tmp"
Mon 16 Jun 2008 4,702,208 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1262.tmp"
Mon 16 Jun 2008 5,193,216 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1488.tmp"
Mon 16 Jun 2008 5,039,104 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1519.tmp"
Mon 16 Jun 2008 4,692,480 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1535.tmp"
Mon 16 Jun 2008 5,010,432 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1571.tmp"
Mon 16 Jun 2008 5,150,720 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1596.tmp"
Mon 16 Jun 2008 4,678,144 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1712.tmp"
Mon 16 Jun 2008 4,953,088 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1840.tmp"
Mon 16 Jun 2008 5,351,936 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1851.tmp"
Mon 12 May 2008 15,281,664 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1872.tmp"
Mon 16 Jun 2008 5,363,200 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD1966.tmp"
Mon 16 Jun 2008 4,980,736 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2131.tmp"
Mon 16 Jun 2008 5,005,824 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2133.tmp"
Mon 12 May 2008 13,675,520 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2170.tmp"
Mon 12 May 2008 24,510,464 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2278.tmp"
Mon 16 Jun 2008 5,364,736 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2300.tmp"
Mon 16 Jun 2008 5,355,008 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2447.tmp"
Mon 12 May 2008 27,057,664 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2459.tmp"
Mon 16 Jun 2008 5,186,048 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2471.tmp"
Mon 16 Jun 2008 4,686,336 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2487.tmp"
Mon 16 Jun 2008 4,947,968 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2649.tmp"
Mon 16 Jun 2008 5,272,576 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2720.tmp"
Mon 16 Jun 2008 4,854,272 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2755.tmp"
Mon 16 Jun 2008 5,210,112 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2865.tmp"
Mon 16 Jun 2008 5,350,912 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2896.tmp"
Mon 16 Jun 2008 4,975,616 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2928.tmp"
Mon 16 Jun 2008 5,020,672 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD2973.tmp"
Mon 16 Jun 2008 5,027,840 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3210.tmp"
Mon 16 Jun 2008 4,942,848 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3246.tmp"
Mon 16 Jun 2008 5,227,520 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3283.tmp"
Mon 12 May 2008 21,900,800 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3376.tmp"
Mon 16 Jun 2008 5,340,672 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3388.tmp"
Mon 16 Jun 2008 5,048,320 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3410.tmp"
Mon 12 May 2008 21,894,656 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3413.tmp"
Mon 12 May 2008 21,894,144 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3470.tmp"
Mon 12 May 2008 19,661,312 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3543.tmp"
Mon 12 May 2008 21,894,144 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3674.tmp"
Mon 16 Jun 2008 5,064,704 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3685.tmp"
Mon 16 Jun 2008 4,950,016 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3703.tmp"
Mon 12 May 2008 24,145,408 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3753.tmp"
Mon 16 Jun 2008 4,996,608 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3782.tmp"
Mon 16 Jun 2008 5,278,720 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3784.tmp"
Mon 12 May 2008 19,473,408 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3848.tmp"
Mon 16 Jun 2008 5,065,216 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3856.tmp"
Mon 16 Jun 2008 4,970,496 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3881.tmp"
Mon 12 May 2008 19,661,312 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD3905.tmp"
Mon 16 Jun 2008 4,937,728 A..H. --- "C:\Documents and Settings\Guilherme\Configura‡äes locais\Temporary Internet Files\Content.Word\~WRD4024.tmp"

Finished!
gdot
Active Member
 
Posts: 9
Joined: July 19th, 2008, 7:50 am
Location: Rio de Janeiro, Brazil
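
The two list sections of the SDFix report above (the firewall "Authorized Application Key Export" and the "Files with Hidden Attributes" list) can be triaged mechanically rather than read line by line. The parser below is an added example, not SDFix's own code and not from this thread; the expected install directories, the %windir% value and the sample input (including the invented svhost.exe anomaly) are assumptions made for illustration.

```python
"""Triage helpers for the list sections of an SDFix Report.txt (added example,
not SDFix code). Parses the "Authorized Application Key Export" and "Files with
Hidden Attributes" sections of the report format shown above and marks entries
an analyst would review first; a finding is a review prompt, not a verdict."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed locations for a Portuguese-locale XP install (adjust per machine).
WINDIR = r"C:\WINDOWS"
EXPECTED_DIRS = (WINDIR.lower(), r"c:\arquivos de programas", r"c:\arquiv~1")

# Constructed excerpt modelled on the report posted in the thread; the
# svhost.exe line is an invented anomaly added only to exercise the checks.
SAMPLE_REPORT = r'''
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\svhost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Windows Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Files with Hidden Attributes :
Thu  8 May 2008         293 A.SHR --- "C:\BOOT.BAK"
Sun 13 Apr 2008   1,695,232 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 16 Jun 2008         162 A..H. --- "C:\Documents and Settings\user\Temp\~$RD0011.tmp"
Finished!
'''

PROFILE_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$", re.I)
# Value data is <path>:<scope>:<Enabled|Disabled>:<name>; the non-greedy path
# lets the drive-letter colon through.
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]+)"="(?P<path>.+?):(?P<scope>[^:"]*):(?P<status>enabled|disabled):(?P<name>[^"]*)"$', re.I)
HIDDEN_RE = re.compile(
    r'^\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4}\s+(?P<size>[\d,]+)\s+(?P<attrs>[A-Z.]{5})\s+---\s+"(?P<path>[^"]+)"$')

@dataclass
class FirewallEntry:
    profile: str
    key_path: str  # normalised value name: the exception actually registered
    path: str      # normalised path inside the value data
    scope: str
    enabled: bool
    name: str
    findings: List[str] = field(default_factory=list)

@dataclass
class HiddenFile:
    path: str
    size: int
    attrs: str     # SDFix attribute column, e.g. A.SHR
    findings: List[str] = field(default_factory=list)

def normalize(p: str) -> str:
    """Undo .reg escaping, expand %windir% (assumed value), lower-case."""
    p = p.replace("\\\\", "\\")
    return re.sub(r"%windir%", lambda _: WINDIR, p, flags=re.I).lower()

def triage_firewall(profile: str, m: re.Match) -> FirewallEntry:
    e = FirewallEntry(profile, normalize(m["key"]), normalize(m["path"]),
                      m["scope"], m["status"].lower() == "enabled", m["name"])
    if e.key_path != e.path:
        e.findings.append("value path differs from key path")
    if e.enabled and not e.key_path.startswith(EXPECTED_DIRS):
        e.findings.append("enabled exception outside expected program directories")
    if "\\temp\\" in e.key_path:
        e.findings.append("program located in a temp directory")
    return e

def triage_hidden(m: re.Match) -> HiddenFile:
    h = HiddenFile(m["path"], int(m["size"].replace(",", "")), m["attrs"])
    low = h.path.lower()
    if {"S", "H"} <= set(h.attrs) and low.endswith(".exe") and not low.startswith(WINDIR.lower()):
        h.findings.append("system+hidden executable outside the Windows directory; verify publisher")
    return h

def parse_report(text: str) -> Tuple[List[FirewallEntry], List[HiddenFile]]:
    """Single pass; firewall entries belong to the last [profile] key seen."""
    firewall, hidden = [], []
    profile: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PROFILE_RE.match(line):
            profile = m.group(1).lower()
        elif profile and (m := ENTRY_RE.match(line)):
            firewall.append(triage_firewall(profile, m))
        elif m := HIDDEN_RE.match(line):
            hidden.append(triage_hidden(m))
    return firewall, hidden

def flagged(text: str) -> List[str]:
    """Paths carrying at least one finding, in report order."""
    fw, hidden = parse_report(text)
    return [e.key_path for e in fw if e.findings] + [h.path for h in hidden if h.findings]
```

On the thread's real report, msmsgs.exe and the Spybot binaries would be flagged by the attribute check too; that is the intended behaviour, since the check only prompts a publisher/location review, which is how a helper would clear them.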

Re: Unable to conect except via proxy

Unread postby Katana » July 22nd, 2008, 1:39 pm

Please try ComboFix again; if it still doesn't work, then try the DSS tool.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Unable to conect except via proxy

Unread postby gdot » July 23rd, 2008, 9:27 pm

Hi, Katana.

Thank you for the support and patience.

Back to proxy... Today I was, again, unable to reach MalwareRemoval.com directly. Thoroughly checked the hosts file, but didn't find MalwareRemoval over there.

Combo Fix stalled again. At least a nice, creative dotted blue screen instead of the hideous NT blue screen...

Here are the DSS and HJThis reports.

Deckard's System Scanner v20071014.68
Run by Guilherme on 2008-07-23 22:15:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Guilherme.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15, on 2008-07-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\TweakRAM\TweakRAM.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\SpamPal\spampal.exe
C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ProcessExplorer_11.11\procexp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Guilherme\Desktop\Dackard'sSystemScanner_dss.exe
C:\ARQUIV~1\Trend Micro\HijackThis\Guilherme.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://google.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.com.br
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [OOCCCTRL.EXE] "C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
O4 - HKCU\..\Run: [TweakRAM] C:\Arquivos de programas\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpamPal.lnk = C:\Arquivos de programas\SpamPal\spampal.exe
O4 - Global Startup: EyeLoveU.lnk.disabled
O4 - Global Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0274552997
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8130972218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/p ... ginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Network Time Protocol Daemon (NTP) - Unknown owner - C:\Arquivos de programas\NTP\bin\ntpd.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9235 bytes

-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-22 23:23:30 0 d-------- C:\Arquivos de programas\SpamPal
2008-07-22 13:43:37 0 d-------- C:\WINDOWS\ERUNT
2008-07-22 09:06:37 0 d-------- C:\Documents and Settings\Guilherme\Start Menu
2008-07-22 09:03:32 68096 --a------ C:\WINDOWS\zip.exe
2008-07-22 09:03:32 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-22 09:03:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-22 09:03:32 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-22 09:03:32 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-22 09:03:32 98816 --a------ C:\WINDOWS\sed.exe
2008-07-22 09:03:32 80412 --a------ C:\WINDOWS\grep.exe
2008-07-22 09:03:32 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-22 08:57:33 0 dr-hs---- C:\cmdcons
2008-07-22 08:56:55 0 d-------- C:\WINDOWS\setupupd
2008-07-20 09:56:25 0 d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-07-20 09:44:55 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 08:59:42 0 d-------- C:\Arquivos de programas\Trend Micro
2008-07-18 16:43:40 0 d-------- C:\Arquivos de programas\Panda Security
2008-07-14 15:12:55 0 d-------- C:\Documents and Settings\Guilherme\Application Data\ZTEEVDO
2008-07-11 16:19:26 22528 --a------ C:\WINDOWS\system32\RHMMPLAY.DLL <Not Verified; Blue Sky Software Corp.; WinHelp Video Player 32Bit>
2008-07-11 16:19:06 430080 --a------ C:\WINDOWS\system32\MSREPL35.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-07-11 16:19:06 0 d-------- C:\Arquivos de programas\SDL International
2008-07-11 16:19:05 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-07-11 16:19:05 24848 --a------ C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:05 123664 --a------ C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:04 252176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:04 1233680 --a------ C:\WINDOWS\system32\MSJT4JLT.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:03 1046288 --a------ C:\WINDOWS\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-07-11 16:19:02 36352 --a------ C:\WINDOWS\system32\SX32W.DLL
2008-07-11 16:19:02 92672 --a------ C:\WINDOWS\system32\haspvb32.dll <Not Verified; Aladdin Knowledge Systems.; Win32 DLL for Microsoft Visual Basic>
2008-07-11 16:19:02 159744 --a------ C:\WINDOWS\system32\cNewMenu6.dll <Not Verified; vbAccelerator; vbAccelerator PopupMenu Active X DLL>
2008-07-11 16:19:02 110592 --a------ C:\WINDOWS\system32\ccrpbds6.dll <Not Verified; Common Controls Replacement Project (CCRP); CCRPBrowseDlgSvr6.BrowseDialog>
2008-07-06 07:30:53 0 d-------- C:\Documents and Settings\Guilherme\Application Data
2008-07-06 07:30:53 0 d-------- C:\Documents and Settings\Guilherme\Application Data\Microsoft
2008-07-02 10:23:46 0 d-------- C:\WINDOWS\system32\DRM
2008-06-30 09:17:06 0 d-------- C:\Arquivos de programas\Google
2008-06-24 22:40:04 0 d-------- C:\Arquivos de programas\EyeLoveU 3.5


-- Find3M Report ---------------------------------------------------------------

2008-07-23 10:58:45 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Skype
2008-07-23 08:42:13 0 d-------- C:\Arquivos de programas\Trillian
2008-07-23 08:12:34 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\SpamPal
2008-07-23 00:57:08 0 d-------- C:\Arquivos de programas\FlashGet
2008-07-20 09:56:31 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Malwarebytes
2008-07-19 14:00:47 0 d-------- C:\Arquivos de programas\Fresh RAM
2008-07-17 14:57:31 0 d-------- C:\Arquivos de programas\CrossLoop
2008-07-11 16:19:02 0 d--h----- C:\Arquivos de programas\InstallShield Installation Information
2008-07-05 18:29:09 0 d-------- C:\Arquivos de programas\SpywareBlaster
2008-07-05 17:30:28 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Babylon
2008-07-05 10:21:33 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Trados
2008-07-05 08:11:37 0 d-------- C:\Arquivos de programas\Skype
2008-07-05 08:10:46 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\skypePM
2008-06-30 09:19:03 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Google
2008-06-23 20:41:22 105 --a------ C:\WINDOWS\Selu305.dll
2008-06-22 13:07:23 0 d-------- C:\Arquivos de programas\Power Translator 11
2008-06-20 10:33:12 0 d-------- C:\Arquivos de programas\MagicISO
2008-06-18 13:52:09 0 d-------- C:\Arquivos de programas\TweakRAM
2008-06-16 19:14:49 0 d-------- C:\Arquivos de programas\Leitor Digital
2008-06-15 17:53:08 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - http://www.sysinternals.com; Page File Defragmenter>
2008-06-15 16:00:43 0 d-------- C:\Arquivos de programas\LogMeIn
2008-06-15 13:53:11 0 d-------- C:\Arquivos de programas\SpywareGuard
2008-06-15 12:39:01 23 --ahs---- C:\WINDOWS\system32\abaddadbef7_z.dll
2008-06-15 12:38:53 0 d-------- C:\Arquivos de programas\jv16 PowerTools 2008
2008-06-13 17:49:06 0 d-------- C:\Arquivos de programas\TRADOS
2008-06-11 21:15:59 0 d-------- C:\Arquivos de programas\Arquivos comuns
2008-06-11 21:15:59 0 d-------- C:\Arquivos de programas\Arquivos comuns\Data Dynamics
2008-06-11 21:15:51 0 d-------- C:\Arquivos de programas\Arquivos comuns\ATRIL
2008-06-05 06:28:17 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Real
2008-06-05 06:23:32 0 d-------- C:\Arquivos de programas\Arquivos comuns\xing shared
2008-06-05 06:23:26 0 d-------- C:\Arquivos de programas\Arquivos comuns\Real
2008-06-05 06:22:54 0 d-------- C:\Arquivos de programas\Real
2008-06-05 05:54:21 0 d-------- C:\Arquivos de programas\GbPlugin
2008-05-31 20:49:22 0 d-------- C:\Arquivos de programas\palmOne
2008-05-31 20:21:59 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Leadertech
2008-05-31 20:16:55 0 d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\HotSync
2008-05-28 20:46:40 0 d-------- C:\Arquivos de programas\CoolSMS
2008-05-28 09:01:35 0 d-------- C:\Arquivos de programas\GridMove
2008-05-25 09:18:01 0 d-------- C:\Arquivos de programas\Microsoft Silverlight
2008-05-25 08:55:32 0 d-------- C:\Arquivos de programas\Alwil Software
2008-05-08 19:39:58 474552 --a------ C:\WINDOWS\system32\perfh016.dat
2008-05-08 19:39:58 80302 --a------ C:\WINDOWS\system32\perfc016.dat
2008-05-04 20:18:15 4990 --a------ C:\WINDOWS\system32\ukeyvdd.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-05-15 20:19]
"OOCCCTRL.EXE"="C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.exe" [2007-01-28 15:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TweakRAM"="C:\Arquivos de programas\TweakRAM\TweakRAM.exe" [2007-09-15 07:52]
"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

C:\Documents and Settings\Guilherme\Menu Iniciar\Programas\Inicializar\
SpamPal.lnk - C:\Arquivos de programas\SpamPal\spampal.exe [2005-10-24 20:08:06]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
EyeLoveU.lnk.disabled [2008-06-27 08:58:24]
SpywareGuard.lnk - C:\Arquivos de programas\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Arquivos de programas\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 14:57 86016]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-06-04 15:52 369064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
C:\ARQUIV~1\GbPlugin\gbiehabn.dll 2008-06-04 15:52 369064 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ZTE Wireless Terminal"="C:\Arquivos de programas\AIKO 76E\bin\App.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VTTimer"=VTTimer.exe
"DXDllRegExe"=dxdllreg.exe
"<NO NAME>"=
"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - MBAMDRVSERVICE

-- End of Deckard's System Scanner: finished at 2008-07-23 22:16:10 ------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24, on 2008-07-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\TweakRAM\TweakRAM.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\SpamPal\spampal.exe
C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ProcessExplorer_11.11\procexp.exe
C:\WINDOWS\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://google.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.transconsult.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.com.br
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\ARQUIV~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARQUIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [OOCCCTRL.EXE] "C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray
O4 - HKCU\..\Run: [TweakRAM] C:\Arquivos de programas\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpamPal.lnk = C:\Arquivos de programas\SpamPal\spampal.exe
O4 - Global Startup: EyeLoveU.lnk.disabled
O4 - Global Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0274552997
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8130972218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/p ... ginABN.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Network Time Protocol Daemon (NTP) - Unknown owner - C:\Arquivos de programas\NTP\bin\ntpd.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9252 bytes

Hijack This Uninstall List

Adobe Acrobat 8.1.2 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
AIKO 76E
Arquivo do WinRAR
Atualização de Segurança para o Windows Media Player 11 (KB936782)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)
Atualização de Segurança para Windows Internet Explorer 7 (KB950759)
Atualização de Segurança para Windows XP (KB923789)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB950760)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB951376)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951698)
Atualização de Segurança para Windows XP (KB951748)
Atualização para Windows XP (KB951978)
Avanquest update
avast! Antivirus
Babylon
Better File Rename 5.1
Cliente do Windows Rights Management com Service Pack 2
Compatibilidade com Versões Anteriores do Cliente do Windows Rights Management SP2
Conexant HD Audio
CoolSMS 2.06 beta
CrossLoop 2.20
CuteFTP 8 Professional
Deja Vu X
Diskeeper 2008 Pro Premier
Eudora
EyeLoveU 3.5.4
FlashGet(JetCar)
Fresh RAM
Google Earth
GridMove V1.19.53
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows Internet Explorer 7 (KB947864)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HP USB Disk Storage Format Tool
Java(TM) 6 Update 5
jv16 PowerTools 2008
Leitor Digital 2.1.1
LogMeIn
Magic ISO Maker v5.5 (build 0261)
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - PTB
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edição 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (2.0.0.14)
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 8
neroxml
Network Time Protocol
O&O CleverCache
Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0
Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card
palmOne
Panda ActiveScan 2.0
PDF Password Remover v3.0
PhotoScape
Power Manager 2.2.1
RealPlayer
ScanSoft OmniPage 16
ScanSoft PDF Create! 4
SDL TRADOS 7 Freelance
SDLX
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype™ 3.8
Soft Data Fax Modem with SmartCP
SpamPal
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
SpywareGuard v2.2
The Bat! Professional v4.0.20
Total Uninstall 4.8.0
Trillian
TweakRAM
VCRedistSetup
VeryPDF PDF2Word v3.0
VIA Gerenciador de dispositivo de plataforma
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver 6.14.10.0078
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (PTB)
Windows Workflow Foundation BR Language Pack
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0

--
End of file

StartupList report, 2008-07-23, 22:26:42
StartupList version: 1.52.2
Started from : C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe
C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\TweakRAM\TweakRAM.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\SpywareGuard\sgmain.exe
C:\Arquivos de programas\SpamPal\spampal.exe
C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ProcessExplorer_11.11\procexp.exe
C:\WINDOWS\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Guilherme\Menu Iniciar\Programas\Inicializar]
SpamPal.lnk = C:\Arquivos de programas\SpamPal\spampal.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]
EyeLoveU.lnk.disabled
SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

avast! = "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
OOCCCTRL.EXE = "C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE" /tasktray

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TweakRAM = C:\Arquivos de programas\TweakRAM\TweakRAM.exe
SpybotSD TeaTimer = C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry key not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry key not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry key not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1 %*)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Editor do Registro'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Arquivos de programas\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
SpywareGuard Download Protection - C:\Arquivos de programas\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
G-Buster Browser Defense ABN AMRO - C:\ARQUIV~1\GbPlugin\gbiehabn.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540007}
(no name) - C:\ARQUIV~1\FlashGet\getflash.dll - {F156768E-81EF-470C-9057-481BA8380DBA}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[MUCatalogWebControl Class]
InProcServer32 = C:\WINDOWS\system32\MicrosoftUpdateCatalogWebControl.dll
CODEBASE = http://catalog.update.microsoft.com/v7/ ... 0274552997

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/microso ... 8130972218

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Arquivos de programas\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/s ... wflash.cab

[GbPluginObj Class]
InProcServer32 = C:\ARQUIV~1\GbPlugin\gbiehabn.dll
CODEBASE = https://wwws.realsecureweb.com.br/mpr/p ... ginABN.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerta: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Serviço 'Gateway de camada de aplicativo': %SystemRoot%\System32\alg.exe (manual start)
Gerenciamento de aplicativo: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Atheros Wireless Network Adapter Service: system32\DRIVERS\ar5211.sys (manual start)
Atheros AR5008 Wireless Network Adapter Service: system32\DRIVERS\athw.sys (manual start)
Serviço de estado do ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
aswFsBlk: system32\DRIVERS\aswFsBlk.sys (autostart)
avast! iAVS4 Control Service: "C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
Driver de mídia assíncrona RAS: system32\DRIVERS\asyncmac.sys (manual start)
Controlador de disco rígido padrão IDE/ESDI: system32\DRIVERS\atapi.sys (system)
Protocolo de cliente ATM ARP: system32\DRIVERS\atmarpc.sys (manual start)
Áudio do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver de fragmento de código de áudio: system32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
Serviço de transferência inteligente de plano de fundo: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Localizador de computadores: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\GUILHE~1\CONFIG~1\Temp\catchme.sys (manual start)
Driver de CD-ROM: system32\DRIVERS\cdrom.sys (system)
Serviço de indexação: C:\WINDOWS\system32\cisvc.exe (autostart)
Área de armazenamento: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
Aplicativo de sistema COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Serviços de criptografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Inicializador de Processo de Servidor DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Cliente DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Driver de disco: system32\DRIVERS\disk.sys (system)
Diskeeper: "C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe" (autostart)
Serviço administrativo do gerenciador de disco lógico: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Gerenciador de discos lógicos: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
Cliente DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
Configuração Automática com Fio: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Serviço de EAP (Extensible Authentication Protocol): %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Erro ao informar o serviço: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Log de eventos: %SystemRoot%\system32\services.exe (autostart)
Sistema de eventos COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Compatibilidade com 'Troca rápida de usuário': %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
VIA Rhine-Family Fast-Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: system32\DRIVERS\fetnd5.sys (manual start)
FLEXnet Licensing Service: "C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Classificador genérico de pacotes: system32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Function Driver for High Definition Audio Service: system32\drivers\CHDAud.sys (manual start)
Driver de Barramento Microsoft UAA para High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Ajuda e suporte: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver de classe HID da Microsoft: system32\DRIVERS\hidusb.sys (manual start)
Serviço de Gerenciamento de Certificados e Chaves de Integridade: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HSFHWAZL: system32\DRIVERS\HSFHWAZL.sys (manual start)
HSF_DPV: system32\DRIVERS\HSF_DPV.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Teclado i8042 e driver de porta de mouse PS/2: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
Driver de filtro de criação de CDs: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
Driver de Processador Intel: system32\DRIVERS\intelppm.sys (system)
Driver de IPv6 do Firewall do Windows: system32\drivers\ip6fw.sys (manual start)
Driver de filtro de tráfego IP: system32\DRIVERS\ipfltdrv.sys (manual start)
Driver de encapsulamento IP em IP: system32\DRIVERS\ipinip.sys (manual start)
Conversor de endereços de rede IP: system32\DRIVERS\ipnat.sys (manual start)
Driver IPSEC: system32\DRIVERS\ipsec.sys (system)
Serviço enumerador IR: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Servidor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Estação de trabalho: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Auxiliar NetBIOS TCP/IP: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
LogMeIn Kernel Information Provider: \??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys (autostart)
LogMeIn Maintenance Service: "C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe" (disabled)
lmimirr: system32\DRIVERS\lmimirr.sys (manual start)
LogMeIn Remote File System Driver: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (autostart)
LogMeIn: "C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe" (disabled)
MBAMDrvService: \??\C:\WINDOWS\system32\drivers\mbam.sys (autostart)
MBAMService: "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe" (autostart)
Machine Debug Manager: "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Mensageiro: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Compartilhamento remoto da área de trabalho do NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Motorola USB CDC ACM Driver: system32\DRIVERS\motmodem.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
Redirecionador do cliente WebDav: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Coordenador de transações distribuídas: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Proxy de serviço de fluxo contínuo Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy do relógio de fluxo contínuo Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gerenciador de qualidade de fluxo contínuo Microsoft: system32\drivers\MSPQM.sys (manual start)
Driver de BIOS de Gerenciamento de Sistema Microsoft: system32\DRIVERS\mssmbios.sys (manual start)
Agente de Proteção de Acesso à Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver TAPI NDIS de acesso remoto: system32\DRIVERS\ndistapi.sys (manual start)
Protocolo de modo de usuário E/S em dispositivos NDIS: system32\DRIVERS\ndisuio.sys (manual start)
Driver de rede remota NDIS de acesso remoto: system32\DRIVERS\ndiswan.sys (manual start)
Nero BackItUp Scheduler 3: C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (manual start)
Interface NetBIOS: system32\DRIVERS\netbios.sys (system)
NetBios em Tcpip: system32\DRIVERS\netbt.sys (system)
DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)
DSDM de DDE de rede: %SystemRoot%\system32\netdde.exe (disabled)
Logon de rede: %SystemRoot%\system32\lsass.exe (manual start)
Conexões de rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Reconhecimento de local da rede (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe" (manual start)
Fornecedor de suporte de segurança NT LM: %SystemRoot%\system32\lsass.exe (manual start)
Armazenamento removível: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Network Time Protocol Daemon: C:\Arquivos de programas\NTP\bin\ntpd.exe -M -g -c "C:\Arquivos de programas\NTP\etc\ntp.conf" (autostart)
Driver de filtro de tráfego IPX: system32\DRIVERS\nwlnkflt.sys (manual start)
Driver encaminhador de tráfego IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)
O&O CleverCache Agent: "C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe" (autostart)
Office Source Engine: "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
PalmUSBD: system32\drivers\PalmUSBD.sys (manual start)
pavboot: system32\drivers\pavboot.sys (system)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
PLFlash DeviceIoControl Service: C:\WINDOWS\system32\IoctlSvc.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)
Serviços IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
Miniporta de rede remota (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Armazenamento protegido: %SystemRoot%\system32\lsass.exe (autostart)
Agendador de pacotes QoS: system32\DRIVERS\psched.sys (manual start)
Driver de link paralelo direto: system32\DRIVERS\ptilink.sys (manual start)
Driver de conexão automática de acesso remoto: system32\DRIVERS\rasacd.sys (system)
Gerenciador de conexão de acesso remoto automático: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Miniporta de rede remota (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Gerenciador de conexão de acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Driver PPPOE de acesso remoto: system32\DRIVERS\raspppoe.sys (manual start)
Paralelo direto: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Driver redirecionador de dispositivos doTerminal Server: system32\DRIVERS\rdpdr.sys (manual start)
Gerenciador de sessão de ajuda de área de trabalho remota: C:\WINDOWS\system32\sessmgr.exe (manual start)
Driver de filtro de reprodução de áudio digital de CD: system32\DRIVERS\redbook.sys (system)
Roteamento e acesso remoto: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Registro remoto: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Alocador Remote Procedure Call (RPC): %SystemRoot%\system32\locator.exe (manual start)
Chamada de procedimento remoto (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
S3GIGP: system32\DRIVERS\S3gIGPm.sys (manual start)
Gerenciador de contas de segurança: %SystemRoot%\system32\lsass.exe (autostart)
Cartão inteligente: %SystemRoot%\System32\SCardSvr.exe (manual start)
Agendador de tarefas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Logon secundário: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notificação de eventos de sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Detecção do hardware do shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Spooler de impressão: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
Driver de filtro de restauração do sistema: system32\DRIVERS\sr.sys (system)
Serviço de restauração do sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
Serviço de descoberta SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
StarWind AE Service: C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (autostart)
Assistente de aquisição de imagens do Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{8789480F-1354-48BA-A56B-A40AE7D13594} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Logs e alertas de desempenho: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver de protocolo TCP/IP: system32\DRIVERS\tcpip.sys (system)
Driver de dispositivo de terminal: system32\DRIVERS\termdd.sys (system)
Serviços de terminal: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Cliente de rastreamento de link distribuído: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Filtro Microsoft AGPv3.5: system32\DRIVERS\uagp35.sys (system)
Conexant Setup API: system32\DRIVERS\UIUSYS.SYS (manual start)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Host de dispositivo Plug and Play universal: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Sistema de alimentação ininterrupta: %SystemRoot%\System32\ups.exe (disabled)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB Security Key: system32\DRIVERS\usbkey.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
Controlador de vídeo VGA.: \SystemRoot\System32\drivers\vga.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Cópia de volume em memória: %SystemRoot%\System32\vssvc.exe (manual start)
Horário do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Driver ARP IP de acesso remoto: system32\DRIVERS\wanarp.sys (manual start)
Wdf01000: system32\DRIVERS\Wdf01000.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Cliente da Web: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
WINIO: \??\C:\WINDOWS\system32\WinIo.sys (system)
Testador de instrumentação de gerenciam. do Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Serviço de Número de Série de Mídia Portátil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Extensões de driver de instrum. gerenc. do Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Adaptador de desempenho WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (manual start)
Central de Segurança: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Atualizações Automáticas: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Configuração zero sem fio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Serviço de Configuração de Rede: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
ZTE USB Device for Legacy Serial Communication: system32\DRIVERS\zteusbser.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 38,356 bytes
Report generated in 0.265 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
gdot
Active Member
Posts: 9
Joined: July 19th, 2008, 7:50 am
Location: Rio de Janeiro, Brazil
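One of the first things worth checking when a single site fails directly but loads through a web proxy is the local hosts file: an entry that maps the name to 127.0.0.1, 0.0.0.0 or some other address is applied only to local name resolution, so a remote proxy that resolves the name on its own side is unaffected by it. The Python script below is an added example, not part of this thread or of any tool used in it. It parses hosts-file text (on XP the file is %SystemRoot%\system32\drivers\etc\hosts) and flags entries that black-hole or redirect names on a watchlist. The watchlist, apart from malwareremoval.com, and the sample hosts content are constructed for the demo.

```python
"""Flag hosts-file entries that black-hole or redirect security-related sites.

Added example, not from the thread. A hosts entry overrides DNS for local
lookups only, which is why a remote proxy can still reach a site the machine
itself cannot resolve correctly.
"""
import ipaddress
from dataclasses import dataclass

# Names to watch. malwareremoval.com is the site from the thread; the others
# are assumed examples of vendor domains that hosts-file blockers commonly target.
WATCHLIST = (
    "malwareremoval.com",
    "avast.com",
    "malwarebytes.org",
    "microsoft.com",
    "windowsupdate.com",
)


@dataclass(frozen=True)
class HostsEntry:
    lineno: int
    address: str
    names: tuple   # all hostnames on the line, lower-cased
    raw: str       # the original line, for reporting


def parse_hosts(text: str) -> list:
    """Parse hosts-file text. Blank lines and comments are skipped, an inline
    comment after the names is dropped, and lines whose first field is not an
    IP address are ignored rather than treated as entries."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        if len(parts) < 2:
            continue  # an address with no name cannot redirect anything
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        names = tuple(p.lower() for p in parts[1:])
        entries.append(HostsEntry(lineno, parts[0], names, line.rstrip()))
    return entries


def _matches(name: str, domain: str) -> bool:
    """True if name is the domain itself or a subdomain of it."""
    return name == domain or name.endswith("." + domain)


def find_hijacks(entries, watchlist=WATCHLIST) -> list:
    """Return (lineno, address, name, reason) for each watchlisted name that a
    hosts entry redirects. 'localhost' mapped to loopback is legitimate."""
    findings = []
    for entry in entries:
        addr = ipaddress.ip_address(entry.address)
        for name in entry.names:
            if name in ("localhost", "localhost.localdomain") and addr.is_loopback:
                continue
            for domain in watchlist:
                if _matches(name, domain):
                    if addr.is_loopback or addr.is_unspecified:
                        reason = "black-holed (resolves to loopback/unspecified)"
                    else:
                        reason = f"redirected to {entry.address}"
                    findings.append((entry.lineno, entry.address, name, reason))
                    break  # one finding per name is enough
    return findings


def scan_hosts(text: str, watchlist=WATCHLIST) -> list:
    return find_hijacks(parse_hosts(text), watchlist)


# Constructed sample, not the poster's file. Line numbers start at 1.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
# entries of the kind a hosts-file blocker drops in:
127.0.0.1  www.malwareremoval.com forum.malwareremoval.com
0.0.0.0    www.avast.com
192.0.2.10 update.microsoft.com   # TEST-NET-1 address, constructed
10.0.0.5   intranet.example       # harmless, not on the watchlist
"""

if __name__ == "__main__":
    for lineno, address, name, reason in scan_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {address}: {reason}")
```

A clean hosts file does not rule the problem out: a DNS server setting pointed at a rogue resolver, a Winsock LSP, or a filtering driver produces the same "direct fails, proxy works" symptom, so this is the first check, not the only one.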

Re: Unable to conect except via proxy

Post by Katana » July 24th, 2008, 6:51 am

Let's give this a try


Disable Teatimer
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in the left panel, click Resident (it shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.



OTMoveIt
Please download OTMoveIt2 by OldTimer and save it to your desktop
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
C:\WINDOWS\system32\abaddadbef7_z.dll
C:\WINDOWS\Selu305.dll
C:\WINDOWS\system32\ukeyvdd.dll

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot in safe mode

To reboot in safe mode
You can boot in Safe Mode by restarting your computer, then continually tapping F5 OR F8 until a menu appears.
Use your up arrow key to highlight Safe Mode, then hit enter.

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Katana
MRU Teacher Emeritus
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Unable to conect except via proxy

Post by gdot » July 24th, 2008, 9:27 am

Hi, Katana.

TeaTimer disabled on your first post.

OTMoveIt2 produced the following report:
-------------------
LoadLibrary failed for C:\WINDOWS\system32\abaddadbef7_z.dll
C:\WINDOWS\system32\abaddadbef7_z.dll NOT unregistered.
C:\WINDOWS\system32\abaddadbef7_z.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\Selu305.dll
C:\WINDOWS\Selu305.dll NOT unregistered.
C:\WINDOWS\Selu305.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ukeyvdd.dll
C:\WINDOWS\system32\ukeyvdd.dll NOT unregistered.
C:\WINDOWS\system32\ukeyvdd.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07242008_091839
-------------------


ComboFix now reboots the puter and... stalls, in both normal and safe modes. After a couple of attempts, Windows now refuses to run in safe mode: it goes until the safe mode warnings appear at the four edges of the screen and stops.

Everything runs smoothly, except for being unable to reach MalwareRemoval directly.

Again, Thanks.
gdot
Active Member
Posts: 9
Joined: July 19th, 2008, 7:50 am
Location: Rio de Janeiro, Brazil

Re: Unable to conect except via proxy

Post by Katana » July 24th, 2008, 12:25 pm

You said previously that you could get to malware removal directly?
Has this changed ?

Download and run SafeBootKeyRepair.exe by sUBs.
  • A log will be produced at C:\SafeBoot_Repair.txt
  • Please post that in your next reply.
  • Let me know if you can boot into Safe Mode now.

Please rerun SDFix, and try combofix in safe mode again
Katana
MRU Teacher Emeritus
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Unable to conect except via proxy

Post by gdot » July 24th, 2008, 1:48 pm

You probably skipped my comment -- which was not very clear, indeed: one or two notes after I reported direct access, I wrote "back to proxy" or something like that.

I managed to run ComboFix under safe mode this time.

1. Ran SafeBoot Repair (report at the bottom).

2. Rebooted in safe mode. Extremely long operation: ca. 5 minutes to show the 4 "Safe mode" warnings at the edges, another 10 min "initializing", blank screen, login screen, another 5 min to finally stabilize in safe mode. All this at apparently full CPU throttle. (Perhaps my safe mode wasn't broken, but my patience wasn't enough to wait)... One way or the other, it's too long a boot.

3. ComboFix ran quite quickly (3-4 min), rebooted and produced the report in another 3-4 minutes.

Regards.

------------------------------
Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC


------------------------------
ComboFix 08-07-21.2 - Guilherme 2008-07-24 14:12:16.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1506 [GMT -3:00]
Executando de: C:\Documents and Settings\Guilherme\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Selu305.dll
C:\WINDOWS\system32\abaddadbef7_z.dll

.
((((((((((((((((((((((( Ficheiros criados de 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))
.

2008-07-24 10:31 . 2008-05-04 20:18 4,990 --a------ C:\WINDOWS\system32\ukeyvdd.dll
2008-07-24 09:18 . 2008-07-24 09:18 <DIR> d-------- C:\_OTMoveIt
2008-07-23 22:38 . 2008-07-23 22:43 <DIR> d-------- C:\fixwareout
2008-07-22 23:23 . 2008-07-23 08:12 <DIR> d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\SpamPal
2008-07-22 13:43 . 2008-07-22 13:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-22 13:32 . 2008-07-22 13:32 <DIR> d-------- C:\Deckard
2008-07-20 09:59 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-20 09:56 . 2008-07-20 09:56 <DIR> d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Malwarebytes
2008-07-20 09:56 . 2008-07-20 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2008-07-20 09:56 . 2008-07-21 09:02 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-07-20 09:56 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-20 09:44 . 2008-07-24 13:48 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-19 08:59 . 2008-07-19 08:59 <DIR> d-------- C:\Arquivos de programas\Trend Micro
2008-07-18 16:47 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-18 16:43 . 2008-07-18 16:43 <DIR> d-------- C:\Arquivos de programas\Panda Security
2008-07-14 08:02 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-14 08:02 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-07-11 16:19 . 2008-07-11 16:19 <DIR> d-------- C:\Arquivos de programas\SDL International
2008-07-09 08:20 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-07-09 08:20 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll
2008-07-09 08:20 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-07-09 08:20 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-07-09 08:20 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
2008-07-09 08:20 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe
2008-07-09 08:20 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll
2008-07-05 10:18 . 2008-07-05 10:21 <DIR> d-------- C:\Documents and Settings\Guilherme\Dados de aplicativos\Trados
2008-07-02 10:23 . 2008-07-02 10:23 <DIR> d-------- C:\WINDOWS\system32\DRM
2008-06-30 09:17 . 2008-06-30 09:17 <DIR> d-------- C:\Arquivos de programas\Google
2008-06-24 22:40 . 2008-06-24 22:40 <DIR> d-------- C:\Arquivos de programas\EyeLoveU 3.5

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 16:50 --------- d-----w C:\Arquivos de programas\Trillian
2008-07-24 16:04 --------- d-----w C:\Documents and Settings\Guilherme\Dados de aplicativos\Skype
2008-07-24 15:49 --------- d-----w C:\Arquivos de programas\CrossLoop
2008-07-24 13:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
2008-07-23 03:57 --------- d-----w C:\Arquivos de programas\FlashGet
2008-07-19 17:00 --------- d-----w C:\Arquivos de programas\Fresh RAM
2008-07-11 19:19 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-07-05 21:29 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-07-05 21:29 --------- d-----w C:\Arquivos de programas\SpywareBlaster
2008-07-05 20:30 --------- d-----w C:\Documents and Settings\Guilherme\Dados de aplicativos\Babylon
2008-07-05 11:11 --------- d-----w C:\Arquivos de programas\Skype
2008-07-05 11:10 --------- d-----w C:\Documents and Settings\Guilherme\Dados de aplicativos\skypePM
2008-06-22 16:07 --------- d-----w C:\Arquivos de programas\Power Translator 11
2008-06-20 13:33 --------- d-----w C:\Arquivos de programas\MagicISO
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 16:52 --------- d-----w C:\Arquivos de programas\TweakRAM
2008-06-16 22:14 --------- d-----w C:\Arquivos de programas\Leitor Digital
2008-06-15 19:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn
2008-06-15 19:00 --------- d-----w C:\Arquivos de programas\LogMeIn
2008-06-15 16:53 --------- d-----w C:\Arquivos de programas\SpywareGuard
2008-06-15 15:38 --------- d-----w C:\Arquivos de programas\jv16 PowerTools 2008
2008-06-14 17:34 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 20:49 --------- d-----w C:\Arquivos de programas\TRADOS
2008-06-12 00:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Data Dynamics
2008-06-12 00:15 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ATRIL
2008-06-05 09:23 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared
2008-06-05 09:23 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real
2008-06-05 09:22 --------- d-----w C:\Arquivos de programas\Real
2008-06-05 08:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-06-05 08:54 --------- d-----w C:\Arquivos de programas\GbPlugin
2008-06-03 22:43 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet
2008-05-31 23:49 --------- d-----w C:\Arquivos de programas\palmOne
2008-05-31 23:48 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2008-05-31 23:47 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
2008-05-31 23:21 --------- d-----w C:\Documents and Settings\Guilherme\Dados de aplicativos\Leadertech
2008-05-31 23:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HotSync
2008-05-31 23:16 --------- d-----w C:\Documents and Settings\Guilherme\Dados de aplicativos\HotSync
2008-05-29 11:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Unopar
2008-05-28 23:46 --------- d-----w C:\Arquivos de programas\CoolSMS
2008-05-28 12:01 --------- d-----w C:\Arquivos de programas\GridMove
2008-05-25 12:18 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight
2008-05-25 11:55 --------- d-----w C:\Arquivos de programas\Alwil Software
2008-04-15 01:11 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TweakRAM"="C:\Arquivos de programas\TweakRAM\TweakRAM.exe" [2007-09-15 07:52 1209856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]
"OOCCCTRL.EXE"="C:\Arquivos de programas\OO Software\CleverCache\OOCCCTRL.EXE" [2007-01-28 15:08 1911568]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
EyeLoveU.lnk.disabled [2008-06-27 08:58:24 2201]
SpywareGuard.lnk - C:\Arquivos de programas\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "C:\Arquivos de programas\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 14:57 86016]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "C:\ARQUIV~1\GbPlugin\gbiehabn.dll" [2008-06-04 15:52 369064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2008-06-04 15:52 369064 C:\ARQUIV~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ZTE Wireless Terminal"="C:\Arquivos de programas\AIKO 76E\bin\App.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VTTimer"=VTTimer.exe
"DXDllRegExe"=dxdllreg.exe
"<NO NAME>"=
"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Trillian\\trillian.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Arquivos de programas\\CrossLoop\\CrossLoopConnect.exe"=
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-07-20 20:21]
R2 MBAMService;MBAMService;C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [2008-07-20 20:21]
R2 NTP;Network Time Protocol Daemon;C:\Arquivos de programas\NTP\bin\ntpd.exe [2007-12-05 05:56]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-05 08:41]
S3 USBKey;USB Security Key;C:\WINDOWS\system32\DRIVERS\usbkey.sys [2008-05-04 20:18]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 11:47]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\zteusbser.sys [2007-04-10 10:34]
.
.
------- Supplementary Scan -------
.
R0 -: HKLM-Main,Default_Page_URL = hxxp://www.transconsult.com.br
R0 -: HKLM-Main,Default_Search_URL = hxxp://google.com.br
R0 -: HKLM-Main,Search Page = hxxp://google.com.br
R0 -: HKLM-Main,Start Page = hxxp://www.transconsult.com.br
R0 -: HKLM-Main,Search Bar = hxxp://google.com.br
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://google.com.br
O8 -: Download All by FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 -: Download using FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: Translate with &Babylon - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O16 -: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/p ... ginABN.cab
C:\WINDOWS\Downloaded Program Files\GbPluginABN.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 14:24:07
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\ARQUIV~1\GbPlugin\gbpsv.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Arquivos de programas\SpywareGuard\sgbhp.exe
C:\Arquivos de programas\ProcessExplorer_11.11\procexp.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-07-24 14:26:39 - machine was rebooted [Guilherme]
ComboFix-quarantined-files.txt 2008-07-24 17:25:57

Pre-Run: 12 pasta(s) 15,605,125,120 bytes disponíveis
Post-Run: 16 pasta(s) 13,708,005,376 bytes disponíveis

188 --- E O F --- 2008-07-09 12:38:13
gdot
Active Member
 
Posts: 9
Joined: July 19th, 2008, 7:50 am
Location: Rio de Janeiro, Brazil
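A way to triage the service/driver section and the firewall exception list of a log like the one above, written as an added example for readers of this thread (it is not a ComboFix feature and not code from the forum). The sample lines are constructed from the log posted above; the Windows directory is assumed to be C:\WINDOWS as the log shows.

```python
"""Parse the R0/R1/R2/S3 service lines and the firewall AuthorizedApplications
entries of a ComboFix log and pull out what a helper looks at first:
images that live outside the Windows directory, and exception entries that
point at the same program twice (absolute path vs. %windir%).

Added example; sample input below is constructed from the thread's log.
"""
import re
from typing import Dict, List

# R2 name;description;C:\path\to\image.sys [YYYY-MM-DD HH:MM]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
    r" \[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$"
)
# "C:\\WINDOWS\\system32\\sessmgr.exe"=   (registry export style, doubled backslashes)
FIREWALL_RE = re.compile(r'^"(?P<path>.+)"=$')

SAMPLE_SERVICES = r"""
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 MBAMService;MBAMService;C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [2008-07-20 20:21]
R2 NTP;Network Time Protocol Daemon;C:\Arquivos de programas\NTP\bin\ntpd.exe [2007-12-05 05:56]
S3 USBKey;USB Security Key;C:\WINDOWS\system32\DRIVERS\usbkey.sys [2008-05-04 20:18]
"""

SAMPLE_FIREWALL = r"""
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"""

WINDIR = r"C:\WINDOWS"  # assumed, as shown in the posted log


def parse_services(text: str) -> List[Dict[str, str]]:
    """Turn service/driver lines into dicts; non-matching lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def services_outside(records: List[Dict[str, str]], windir: str = WINDIR) -> List[Dict[str, str]]:
    """Entries whose image is not under the Windows directory.

    Third-party drivers are usually legitimate (LogMeIn, Malwarebytes and NTP
    here), but vendor, path and timestamp are what a helper verifies first.
    """
    prefix = windir.lower()
    return [r for r in records if not r["path"].lower().startswith(prefix)]


def parse_firewall_exceptions(text: str) -> List[str]:
    """Raw paths from the AuthorizedApplications\\List export."""
    return [m.group("path") for m in
            (FIREWALL_RE.match(l.strip()) for l in text.splitlines()) if m]


def normalize_exception(path: str, windir: str = WINDIR) -> str:
    """Collapse doubled backslashes, expand %windir%, fold case."""
    p = path.replace("\\\\", "\\").lower()
    return p.replace("%windir%", windir.lower())


def duplicate_exceptions(paths: List[str]) -> List[str]:
    """Programs that appear more than once once the paths are normalized."""
    counts: Dict[str, int] = {}
    for p in paths:
        n = normalize_exception(p)
        counts[n] = counts.get(n, 0) + 1
    return sorted(n for n, c in counts.items() if c > 1)


if __name__ == "__main__":
    for r in services_outside(parse_services(SAMPLE_SERVICES)):
        print(f"{r['start']} {r['name']:<12} {r['stamp']}  {r['path']}")
    print("duplicate firewall exceptions:",
          duplicate_exceptions(parse_firewall_exceptions(SAMPLE_FIREWALL)))
```

On the sample above the three Program Files entries (LogMeIn, Malwarebytes, NTP) are reported, and sessmgr.exe shows up as a duplicate because it is listed once by absolute path and once via %windir%.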

Re: Unable to conect except via proxy

Unread postby Katana » July 24th, 2008, 3:18 pm

Let's see if we can sort that proxy problem.

In the Windows Control Panel, if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next, go to Start > Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter; type exit and hit Enter.
(That space between g and / is needed.)


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KillAll::
    File::
    C:\WINDOWS\system32\abaddadbef7_z.dll
    C:\WINDOWS\Selu305.dll
    C:\WINDOWS\system32\ukeyvdd.dll
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester