Free Malware Removal Forum

by **dvegas** » June 1st, 2008, 7:56 pm

alguem me pode dizer qual o problema q tenho no meu pc.. tenho o coolwebsearch--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:34:19, on 02-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Spyware Doctor\pctsAuxs.exe
C:\Programas\Spyware Doctor\pctsSvc.exe
C:\Programas\Spyware Terminator\sp_rsser.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60337
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60337
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {902107E5-0FB1-4227-8605-0CF4D8586767} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O2 - BHO: (no name) - {AC05EE52-030F-4CA5-B583-1C833EB8322F} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {CAF0988F-C51B-48D9-B535-808EEAE295A9} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {FAB2E16A-D9C3-41D3-BF19-F3A02BA6DCEB} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ISTray] "C:\Programas\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programas\Creative\Shared Files\CamTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1828591125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1829019109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DD62A15-6A62-477F-BF4D-661AF5D9FBEE}: NameServer = 212.55.154.174
O17 - HKLM\System\CS2\Services\Tcpip\..\{4DD62A15-6A62-477F-BF4D-661AF5D9FBEE}: NameServer = 212.55.154.174
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnoOghG - nnnoOghG.dll (file missing)
O20 - Winlogon Notify: opnnlljh - opnnlljh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe

--
End of file - 11450 bytes

by **dan12** » June 2nd, 2008, 4:55 am

welcome to malwareremoval forums

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:

Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.

If you can do these things, everything should go smoothly.

Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan

by **dan12** » June 2nd, 2008, 4:56 am

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60337
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60337
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {902107E5-0FB1-4227-8605-0CF4D8586767} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {AC05EE52-030F-4CA5-B583-1C833EB8322F} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {CAF0988F-C51B-48D9-B535-808EEAE295A9} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {FAB2E16A-D9C3-41D3-BF19-F3A02BA6DCEB} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

Post me a fresh HJT log

by **dvegas** » June 2nd, 2008, 6:57 am

i have remove this items!! know i have this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:36, on 02-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programas\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1828591125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1829019109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DD62A15-6A62-477F-BF4D-661AF5D9FBEE}: NameServer = 212.55.154.174
O17 - HKLM\System\CS2\Services\Tcpip\..\{4DD62A15-6A62-477F-BF4D-661AF5D9FBEE}: NameServer = 212.55.154.174
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnoOghG - nnnoOghG.dll (file missing)
O20 - Winlogon Notify: opnnlljh - opnnlljh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programas\Spyware Doctor\pctsSvc.exe

--
End of file - 8477 bytes

by **dvegas** » June 2nd, 2008, 7:09 am

I still have it (coolwebsearch)

by **dan12** » June 2nd, 2008, 1:41 pm

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

by **dvegas** » June 5th, 2008, 5:38 pm

this is the result of combofix scanning!!

ComboFix 08-06-05.3 - Proprietário 2008-06-05 22:25:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.2070.18.653 [GMT 1:00]
Executando de: C:\Documents and Settings\Proprietário\Ambiente de trabalho\ComboFix.exe
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programas\ActivationManager
C:\Programas\ActivationManager\Uninstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\BMfbda38fa.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\eOUCeMoq.ini
C:\WINDOWS\system32\eOUCeMoq.ini2
C:\WINDOWS\system32\fxqhsypb.ini
C:\WINDOWS\system32\kQBKRqru.ini
C:\WINDOWS\system32\kQBKRqru.ini2
C:\WINDOWS\system32\lempvdxt.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\onWGNXyb.ini
C:\WINDOWS\system32\onWGNXyb.ini2
C:\WINDOWS\system32\tuvCLkkj.ini
C:\WINDOWS\system32\tuvCLkkj.ini2
C:\WINDOWS\system32\wotjvxuf.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Service_clbdriver
-------\Service_MsSecurity1.209.4

((((((((((((((((((((((( Ficheiros criados de 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))
.

2008-06-02 14:28 . 2008-06-02 14:28 26,624 --a------ C:\WINDOWS\avpcc.dll
2008-06-02 14:28 . 2008-06-02 14:28 24,576 --a------ C:\WINDOWS\sistem.exe
2008-06-02 14:28 . 2008-06-02 14:28 22,528 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-02 14:28 . 2008-06-02 14:28 18,688 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-02 14:28 . 2008-06-02 14:28 14,592 --a------ C:\WINDOWS\notepad32.exe
2008-06-02 00:37 . 2008-06-02 00:37 <DIR> d-------- C:\Programas\CCleaner
2008-06-01 04:23 . 2008-06-01 04:23 30,976 --a------ C:\WINDOWS\svchost32.exe
2008-06-01 04:23 . 2008-06-01 04:23 21,504 --a------ C:\WINDOWS\editpad.exe
2008-06-01 04:23 . 2008-06-02 01:29 21,248 --a------ C:\WINDOWS\rundll16.exe
2008-06-01 04:23 . 2008-06-01 04:23 19,712 --a------ C:\WINDOWS\quicken.exe
2008-06-01 04:23 . 2008-06-01 04:23 13,568 --a------ C:\WINDOWS\internet.exe
2008-06-01 04:23 . 2008-06-01 04:23 11,776 --a------ C:\WINDOWS\msconfd.dll
2008-06-01 04:03 . 2008-06-02 00:45 <DIR> d-------- C:\Programas\Spyware Doctor
2008-06-01 04:03 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-01 04:03 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-01 04:03 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-01 04:03 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-31 23:40 . 2008-06-02 14:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 23:08 . 2008-06-02 00:19 20 --a------ C:\WINDOWS\msxfcg32.dll
2008-05-31 22:56 . 2008-06-02 01:29 15,104 --a------ C:\WINDOWS\qttasks.exe
2008-05-31 22:55 . 2008-05-31 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-31 21:26 . 2008-05-31 21:27 <DIR> d-------- C:\Programas\Internet Explorer 7
2008-05-31 21:10 . 2006-03-02 13:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-05-31 21:08 . 2006-03-02 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-31 21:07 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-31 21:07 . 2003-03-24 15:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
2008-05-31 21:07 . 2004-05-13 00:39 184,435 --a--c--- C:\WINDOWS\system32\dllcache\fp4amsft.dll
2008-05-31 21:07 . 2003-03-24 15:52 147,513 --a--c--- C:\WINDOWS\system32\dllcache\fp4apws.dll
2008-05-31 21:07 . 2003-03-24 15:52 82,035 --a--c--- C:\WINDOWS\system32\dllcache\fp4anscp.dll
2008-05-31 21:07 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-05-31 21:07 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-05-31 21:07 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-05-31 21:07 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-31 21:01 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-05-31 21:01 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-05-31 21:01 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-05-31 21:01 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-05-31 19:28 . 2008-05-31 19:28 <DIR> d-------- C:\Programas\Yahoo!
2008-05-31 19:19 . 2008-05-31 19:19 26,624 --a------ C:\WINDOWS\helpcvs.exe
2008-05-31 04:04 . 2008-05-31 04:04 16,384 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 23:54 . 2008-05-30 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-30 02:45 . 2008-05-30 02:45 9,984 --a------ C:\WINDOWS\xplugin.dll
2008-05-30 02:21 . 2008-05-30 02:21 15,616 --a------ C:\WINDOWS\cpan.dll
2008-05-30 02:21 . 2008-05-30 02:21 11,008 --a------ C:\WINDOWS\astctl32.ocx
2008-05-30 00:02 . 2008-05-30 00:11 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-29 23:45 . 2008-05-30 00:12 <DIR> d-------- C:\Programas\BitDefender
2008-05-29 23:42 . 2008-05-29 23:54 <DIR> d-------- C:\WINDOWS\system32\zA
2008-05-29 23:42 . 2008-05-31 00:11 <DIR> d-------- C:\WINDOWS\system32\vntiho06
2008-05-29 23:42 . 2008-05-30 00:01 <DIR> d-------- C:\WINDOWS\system32\bIP
2008-05-29 23:42 . 2008-06-05 22:26 <DIR> d-------- C:\Temp
2008-05-29 23:42 . 2008-05-31 00:43 <DIR> d-------- C:\Programas\uTorrent
2008-05-29 23:42 . 2008-05-29 23:42 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-05-29 23:42 . 2008-05-29 23:42 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-29 23:42 . 2008-05-30 00:47 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-29 23:41 . 2008-05-29 23:41 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos
2008-05-29 23:41 . 2008-05-29 23:41 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-29 23:34 . 2008-05-29 23:45 <DIR> d-------- C:\Programas\Ficheiros comuns\BitDefender
2008-05-29 22:55 . 2008-05-30 00:55 774 --ahs---- C:\WINDOWS\system32\dnprjbij.ini
2008-05-29 14:30 . 2008-05-29 14:30 <DIR> dr-h----- C:\MSOCache
2008-05-29 00:59 . 2008-05-30 15:02 613 --a------ C:\WINDOWS\wininit.ini
2008-05-28 23:31 . 2008-05-29 00:12 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-28 23:22 . 2008-06-02 01:27 <DIR> d-------- C:\Programas\Spybot - Search & Destroy
2008-05-28 23:22 . 2008-06-02 02:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 14:49 . 2008-05-28 14:49 <DIR> d-------- C:\Programas\Ficheiros comuns\Adobe
2008-05-27 19:12 . 2008-05-27 19:12 <DIR> d-------- C:\Programas\Apple Software Update
2008-05-27 19:12 . 2008-05-27 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-27 18:45 . 2008-05-27 18:45 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-27 18:41 . 2008-05-27 18:41 <DIR> d-------- C:\Programas\Ficheiros comuns\Skype
2008-05-27 18:41 . 2008-05-27 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-27 18:25 . 2008-05-27 18:25 379 --a------ C:\WINDOWS\ODBC.INI
2008-05-27 18:24 . 2008-05-27 18:24 <DIR> d-------- C:\Programas\Microsoft.NET
2008-05-27 18:24 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-27 18:23 . 2008-05-27 18:24 <DIR> d--h----- C:\WINDOWS\ShellNew
2008-05-27 16:55 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-05-27 16:54 . 2000-05-22 09:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-05-27 16:54 . 2004-08-04 00:57 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-05-27 16:54 . 2004-08-04 00:57 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-05-27 16:54 . 2004-08-04 00:56 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-05-27 16:54 . 2004-08-04 00:57 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-05-27 16:54 . 1999-10-10 18:00 41,984 --a------ C:\WINDOWS\Ctregrun.exe
2008-05-27 16:54 . 2004-08-04 00:57 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-05-27 16:21 . 2008-05-27 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-27 16:03 . 2008-05-27 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-27 16:00 . 2008-05-27 16:00 <DIR> d-------- C:\WINDOWS\WinRAR
2008-05-27 14:52 . 2008-05-27 19:13 <DIR> d-------- C:\Programas\QuickTime
2008-05-27 14:51 . 2008-05-27 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 14:51 . 2004-12-18 21:32 38,229 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-05-27 14:46 . 2008-05-27 14:51 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-27 01:04 . 2008-05-27 01:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-27 01:04 . 2008-05-27 16:41 <DIR> d-------- C:\Programas\MSN Messenger
2008-05-27 01:02 . 2008-05-27 01:02 <DIR> d-------- C:\Programas\Ficheiros comuns\Java
2008-05-27 01:02 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 00:31 . 2008-05-27 18:13 <DIR> d--hsc--- C:\Programas\Ficheiros comuns\WindowsLiveInstaller
2008-05-27 00:30 . 2008-05-27 18:14 <DIR> d-------- C:\Programas\Windows Live
2008-05-27 00:30 . 2008-05-29 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-27 00:10 . 2008-05-27 00:10 <DIR> d-------- C:\Programas\Windows Media Connect 2
2008-05-27 00:09 . 2008-05-27 00:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-27 00:09 . 2008-05-27 00:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-26 23:52 . 2008-05-26 23:52 <DIR> d-------- C:\WINDOWS\system32\pt-pt
2008-05-26 22:29 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-26 22:26 . 2006-03-02 13:00 1,086,058 -ra------ C:\WINDOWS\SET25.tmp
2008-05-26 22:26 . 2006-03-02 13:00 1,013,613 -ra------ C:\WINDOWS\SET22.tmp
2008-05-26 22:26 . 2006-03-02 13:00 14,913 -ra------ C:\WINDOWS\SET31.tmp
2008-05-26 22:26 . 2006-03-02 13:00 14,573 -ra------ C:\WINDOWS\SET5C.tmp
2008-05-26 20:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-26 20:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 20:32 . 2008-05-26 20:34 <DIR> d-------- C:\Documents and Settings\JoÆo
2008-05-26 20:30 . 2008-05-26 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-26 20:20 . 2003-03-25 05:49 106,544 --a------ C:\WINDOWS\system32\tweakui.cpl
2008-05-26 20:20 . 2003-03-25 05:49 98,304 --a------ C:\WINDOWS\system32\startup.cpl
2008-05-26 20:20 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-05-26 20:20 . 2003-03-25 05:49 51,238 --a------ C:\WINDOWS\system32\tweakui.hlp
2008-05-26 20:03 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-26 19:28 . 2008-05-26 19:28 <DIR> d-------- C:\WINDOWS\system32\InsFiles
2008-05-26 19:28 . 2008-05-26 19:28 <DIR> d-------- C:\Programas\Modem ADSL
2008-05-26 19:28 . 2003-09-04 09:15 540,589 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
2008-05-26 19:28 . 2004-05-13 15:39 331,776 -ra------ C:\WINDOWS\system32\stmadsl.cpl
2008-05-26 19:28 . 2003-11-29 00:19 253,952 -ra------ C:\WINDOWS\system32\stmcfg32.dll
2008-05-26 19:28 . 2003-03-22 21:09 249,859 -ra------ C:\WINDOWS\editadsl.exe
2008-05-26 19:28 . 2004-05-13 15:54 159,744 -ra------ C:\WINDOWS\system32\stmctrl.dll

.
((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 23:57 13,312 ----a-w C:\WINDOWS\dnsrelay.dll
2008-05-28 17:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-26 18:55 --------- d-----w C:\Programas\Serviços online
2008-05-26 13:23 9,709,568 ----a-w C:\WINDOWS\RTLCPL.exe
2008-05-26 13:23 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2008-05-26 13:23 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2008-05-26 13:23 499,712 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-05-26 13:23 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe
2008-05-26 13:23 4,381,184 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-05-26 13:23 364,544 ----a-w C:\WINDOWS\RtlUpd.exe
2008-05-26 13:23 2,879,488 ----a-w C:\WINDOWS\SkyTel.exe
2008-05-26 13:23 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-05-26 13:23 2,155,008 ----a-w C:\WINDOWS\MicCal.exe
2008-05-26 13:23 16,264,192 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-26 13:01 9,728 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
2008-05-26 13:01 11,264 ----a-w C:\WINDOWS\system32\drivers\xfilt.sys
2008-05-26 09:06 --------- d-----w C:\Programas\microsoft frontpage
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06E12C36-760F-4D92-8509-5E5DBF12C423}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{902107E5-0FB1-4227-8605-0CF4D8586767}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC05EE52-030F-4CA5-B583-1C833EB8322F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAF0988F-C51B-48D9-B535-808EEAE295A9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAB2E16A-D9C3-41D3-BF19-F3A02BA6DCEB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MsnMsgr"="C:\Programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-27 16:20 171448]
"Creative WebCam Tray"="C:\Programas\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]
"SpybotSD TeaTimer"="C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2008-05-26 14:23 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Google Desktop Search"="C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-27 16:20 1862144]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-26 14:23 16264192 C:\WINDOWS\RTHDCPL.exe]
"AdslTaskBar"="stmctrl.dll" [2004-05-13 15:54 159744 C:\WINDOWS\system32\stmctrl.dll]
"Alcmtr"="ALCMTR.EXE" [2008-05-26 14:23 69632 C:\WINDOWS\Alcmtr.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
WinZip Quick Pick.lnk - C:\Programas\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoOghG]
nnnoOghG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnlljh]
opnnlljh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@=""

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2008-05-26 14:01]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2008-05-26 14:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-08 10:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-09-04 09:15]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Recycle Bin\kdja.exe
.
Conte£do da pasta 'Tarefas Agendadas'
"2008-05-30 12:28:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programas\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 22:29:57
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Tempo para conclusÆo: 2008-06-05 22:32:41 - machine was rebooted [Propriet rio]
ComboFix-quarantined-files.txt 2008-06-05 21:32:38

Pre-Run: 99,713,781,760 bytes livres
Post-Run: 99,821,051,904 bytes livres

300 --- E O F --- 2008-06-05 16:27:43

by **dan12** » June 5th, 2008, 6:25 pm

Can I see a fresh HJT log also.
Can you tell me if this phrase C:\Documents and Settings\Proprietário\Ambiente de trabalho\ComboFix.exe translates to desktop?

Combofix.exe needs to run from the desktop as the following scripts I have you run, will not work.
Can you ensure its run from the desktop next time we run it!
Thanks dan

by **dvegas** » June 5th, 2008, 7:58 pm

yes!! she´s here!! C:\Documents and Settings\Proprietário\Ambiente de trabalho\ComboFix.exe

new scan

ComboFix 08-06-05.3 - Proprietário 2008-06-06 0:28:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.2070.18.647 [GMT 1:00]
Executando de: C:\Documents and Settings\Proprietário\Ambiente de trabalho\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Proprietário\Menu Iniciar\Programas\Arranque\DW_Start.lnk
C:\WINDOWS\msxfcg32.dll

.
((((((((((((((((((((((( Ficheiros criados de 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))
.

2008-06-05 23:31 . 2008-06-05 23:31 <DIR> d-------- C:\Nova pasta
2008-06-05 23:10 . 2008-06-05 23:10 <DIR> d-------- C:\Programas\Sun
2008-06-05 23:10 . 2006-10-04 15:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\SETA5.tmp
2008-06-05 23:10 . 2008-06-05 23:10 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-05 23:09 . 2008-06-05 23:09 3,458 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-06-05 23:08 . 2008-06-05 23:08 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Definiþ§es locais
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\Proprietßrio
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\NetworkService\Definiþ§es locais
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\LocalService\Definiþ§es locais
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\JoÒo
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\Administrador\Definiþ§es locais
2008-06-02 14:28 . 2008-06-02 14:28 24,576 --a------ C:\WINDOWS\sistem.exe
2008-06-02 14:28 . 2008-06-02 14:28 22,528 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-01 04:23 . 2008-06-01 04:23 30,976 --a------ C:\WINDOWS\svchost32.exe
2008-06-01 04:23 . 2008-06-01 04:23 21,504 --a------ C:\WINDOWS\editpad.exe
2008-06-01 04:23 . 2008-06-02 01:29 21,248 --a------ C:\WINDOWS\rundll16.exe
2008-06-01 04:23 . 2008-06-01 04:23 19,712 --a------ C:\WINDOWS\quicken.exe
2008-06-01 04:23 . 2008-06-01 04:23 13,568 --a------ C:\WINDOWS\internet.exe
2008-06-01 04:23 . 2008-06-01 04:23 11,776 --a------ C:\WINDOWS\msconfd.dll
2008-06-01 04:03 . 2008-06-05 23:04 <DIR> d-------- C:\Programas\Spyware Doctor
2008-05-31 23:40 . 2008-06-05 23:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 22:56 . 2008-06-02 01:29 15,104 --a------ C:\WINDOWS\qttasks.exe
2008-05-31 22:55 . 2008-05-31 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-31 21:26 . 2008-05-31 21:27 <DIR> d-------- C:\Programas\Internet Explorer 7
2008-05-31 21:10 . 2006-03-02 13:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-05-31 21:08 . 2006-03-02 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-31 21:07 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-31 21:07 . 2003-03-24 15:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
2008-05-31 21:07 . 2004-05-13 00:39 184,435 --a--c--- C:\WINDOWS\system32\dllcache\fp4amsft.dll
2008-05-31 21:07 . 2003-03-24 15:52 147,513 --a--c--- C:\WINDOWS\system32\dllcache\fp4apws.dll
2008-05-31 21:07 . 2003-03-24 15:52 82,035 --a--c--- C:\WINDOWS\system32\dllcache\fp4anscp.dll
2008-05-31 21:07 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-05-31 21:07 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-05-31 21:07 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-05-31 21:07 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-31 21:01 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-05-31 21:01 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-05-31 21:01 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-05-31 21:01 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-05-31 19:28 . 2008-05-31 19:28 <DIR> d-------- C:\Programas\Yahoo!
2008-05-31 19:19 . 2008-05-31 19:19 26,624 --a------ C:\WINDOWS\helpcvs.exe
2008-05-31 04:04 . 2008-05-31 04:04 16,384 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 23:54 . 2008-05-30 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-30 02:45 . 2008-05-30 02:45 9,984 --a------ C:\WINDOWS\xplugin.dll
2008-05-30 02:21 . 2008-05-30 02:21 15,616 --a------ C:\WINDOWS\cpan.dll
2008-05-30 02:21 . 2008-05-30 02:21 11,008 --a------ C:\WINDOWS\astctl32.ocx
2008-05-30 00:02 . 2008-05-30 00:11 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-29 23:45 . 2008-05-30 00:12 <DIR> d-------- C:\Programas\BitDefender
2008-05-29 23:42 . 2008-05-29 23:54 <DIR> d-------- C:\WINDOWS\system32\zA
2008-05-29 23:42 . 2008-05-31 00:11 <DIR> d-------- C:\WINDOWS\system32\vntiho06
2008-05-29 23:42 . 2008-05-30 00:01 <DIR> d-------- C:\WINDOWS\system32\bIP
2008-05-29 23:42 . 2008-06-05 22:26 <DIR> d-------- C:\Temp
2008-05-29 23:42 . 2008-05-31 00:43 <DIR> d-------- C:\Programas\uTorrent
2008-05-29 23:42 . 2008-05-31 00:43 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\uTorrent
2008-05-29 23:42 . 2008-05-29 23:42 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-05-29 23:42 . 2008-05-29 23:42 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-29 23:42 . 2008-05-30 00:47 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-29 23:41 . 2008-05-29 23:41 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos
2008-05-29 23:41 . 2008-05-29 23:41 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-29 23:34 . 2008-05-29 23:45 <DIR> d-------- C:\Programas\Ficheiros comuns\BitDefender
2008-05-29 22:55 . 2008-05-30 00:55 774 --ahs---- C:\WINDOWS\system32\dnprjbij.ini
2008-05-29 14:30 . 2008-05-29 14:30 <DIR> dr-h----- C:\MSOCache
2008-05-29 00:59 . 2008-05-30 15:02 613 --a------ C:\WINDOWS\wininit.ini
2008-05-28 23:33 . 2008-05-28 23:39 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\AVGTOOLBAR
2008-05-28 23:31 . 2008-05-29 00:12 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-28 23:22 . 2008-06-02 01:27 <DIR> d-------- C:\Programas\Spybot - Search & Destroy
2008-05-28 23:22 . 2008-06-02 02:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 18:59 . 2008-05-28 18:59 <DIR> dr-h----- C:\Documents and Settings\Proprietário\Application Data\SecuROM
2008-05-28 14:49 . 2008-05-28 14:49 <DIR> d-------- C:\Programas\Ficheiros comuns\Adobe
2008-05-27 19:12 . 2008-05-27 19:12 <DIR> d-------- C:\Programas\Apple Software Update
2008-05-27 19:12 . 2008-05-27 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-27 19:08 . 2008-05-27 19:13 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Apple Computer
2008-05-27 18:45 . 2008-05-27 18:45 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\skypePM
2008-05-27 18:45 . 2008-05-27 18:45 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-27 18:41 . 2008-05-27 18:41 <DIR> d-------- C:\Programas\Ficheiros comuns\Skype
2008-05-27 18:41 . 2008-05-27 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-27 18:25 . 2008-05-27 18:25 379 --a------ C:\WINDOWS\ODBC.INI
2008-05-27 18:24 . 2008-05-27 18:24 <DIR> d-------- C:\Programas\Microsoft.NET
2008-05-27 18:24 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-27 18:23 . 2008-05-27 18:24 <DIR> d--h----- C:\WINDOWS\ShellNew
2008-05-27 18:12 . 2008-05-27 18:12 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Creative
2008-05-27 16:55 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-05-27 16:54 . 2000-05-22 09:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-05-27 16:54 . 2004-08-04 00:57 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-05-27 16:54 . 2004-08-04 00:57 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-05-27 16:54 . 2004-08-04 00:56 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-05-27 16:54 . 2004-08-04 00:57 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-05-27 16:54 . 1999-10-10 18:00 41,984 --a------ C:\WINDOWS\Ctregrun.exe
2008-05-27 16:54 . 2004-08-04 00:57 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-05-27 16:21 . 2008-05-27 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-27 16:03 . 2008-05-27 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-27 16:00 . 2008-05-27 16:00 <DIR> d-------- C:\WINDOWS\WinRAR
2008-05-27 14:52 . 2008-05-27 19:13 <DIR> d-------- C:\Programas\QuickTime
2008-05-27 14:51 . 2008-05-27 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 14:51 . 2004-12-18 21:32 38,229 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-05-27 14:46 . 2008-05-27 14:51 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-27 01:04 . 2008-05-27 01:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-27 01:04 . 2008-05-27 16:41 <DIR> d-------- C:\Programas\MSN Messenger
2008-05-27 01:04 . 2008-05-27 14:42 <DIR> d-------- C:\Documents and Settings\Proprietário\Contacts
2008-05-27 01:04 . 2008-05-27 14:42 <DIR> d-------- C:\Documents and Settings\Proprietário\Contacts
2008-05-27 01:02 . 2008-05-27 01:02 <DIR> d-------- C:\Programas\Ficheiros comuns\Java
2008-05-27 01:02 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 00:31 . 2008-05-27 18:13 <DIR> d--hsc--- C:\Programas\Ficheiros comuns\WindowsLiveInstaller
2008-05-27 00:30 . 2008-05-27 18:14 <DIR> d-------- C:\Programas\Windows Live
2008-05-27 00:30 . 2008-05-29 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-27 00:10 . 2008-05-27 00:10 <DIR> d-------- C:\Programas\Windows Media Connect 2
2008-05-27 00:09 . 2008-05-27 00:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-27 00:09 . 2008-05-27 00:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-26 23:52 . 2008-05-26 23:52 <DIR> d-------- C:\WINDOWS\system32\pt-pt
2008-05-26 22:29 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-26 22:26 . 2006-03-02 13:00 1,086,058 -ra------ C:\WINDOWS\SET25.tmp
2008-05-26 22:26 . 2006-03-02 13:00 1,013,613 -ra------ C:\WINDOWS\SET22.tmp
2008-05-26 22:26 . 2006-03-02 13:00 14,913 -ra------ C:\WINDOWS\SET31.tmp
2008-05-26 22:26 . 2006-03-02 13:00 14,573 -ra------ C:\WINDOWS\SET5C.tmp
2008-05-26 20:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-26 20:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 20:32 . 2008-05-26 20:34 <DIR> d-------- C:\Documents and Settings\João\Os meus documentos
2008-05-26 20:32 . 2008-05-26 20:34 <DIR> d-------- C:\Documents and Settings\João
2008-05-26 20:30 . 2008-06-05 23:57 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Azureus

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 23:57 13,312 ----a-w C:\WINDOWS\dnsrelay.dll
2008-05-28 17:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-26 18:55 --------- d-----w C:\Programas\Serviços online
2008-05-26 13:23 9,709,568 ----a-w C:\WINDOWS\RTLCPL.exe
2008-05-26 13:23 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2008-05-26 13:23 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2008-05-26 13:23 499,712 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-05-26 13:23 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe
2008-05-26 13:23 4,381,184 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-05-26 13:23 364,544 ----a-w C:\WINDOWS\RtlUpd.exe
2008-05-26 13:23 2,879,488 ----a-w C:\WINDOWS\SkyTel.exe
2008-05-26 13:23 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-05-26 13:23 2,155,008 ----a-w C:\WINDOWS\MicCal.exe
2008-05-26 13:23 16,264,192 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-26 13:01 9,728 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
2008-05-26 13:01 11,264 ----a-w C:\WINDOWS\system32\drivers\xfilt.sys
2008-05-26 09:06 --------- d-----w C:\Programas\microsoft frontpage
2008-03-19 20:29 21,760 ----a-w C:\Documents and Settings\João\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-06-05_22.32.28.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 21:29:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 21:59:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-03-02 12:00:00 212,992 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-01-05 19:06:06 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-03-02 12:00:00 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2007-01-05 19:01:02 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
- 2006-03-02 12:00:00 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2006-03-02 12:00:00 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2008-05-31 20:12:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-05 22:08:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-31 20:12:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat
+ 2008-06-05 22:08:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat
- 2008-05-31 20:12:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-05 22:08:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-02 12:00:00 8,704 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2007-01-05 19:01:02 7,680 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2006-03-02 12:00:00 286,208 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-18 20:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2006-03-02 12:00:00 159,232 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2006-03-02 12:00:00 695,296 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2006-03-02 12:00:00 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-18 20:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2006-03-02 12:00:00 103,936 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-18 19:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2006-03-02 12:00:00 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2006-03-02 12:00:00 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2006-03-02 12:00:00 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2006-03-02 12:00:00 368,640 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2007-01-05 19:01:40 244,224 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2006-03-02 12:00:00 259,072 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2006-03-02 12:00:00 52,736 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2006-03-02 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2006-03-02 12:00:00 356,352 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-18 20:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2006-03-02 12:00:00 246,272 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2006-03-02 12:00:00 237,568 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-18 20:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2006-03-02 12:00:00 774,144 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2007-01-05 20:20:44 1,677,312 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2006-03-02 12:00:00 212,992 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-01-05 19:06:06 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2006-03-02 12:00:00 408,064 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2006-03-02 12:00:00 670,720 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2006-03-02 12:00:00 230,400 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-18 20:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2006-03-02 12:00:00 27,136 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2006-03-02 12:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2006-03-02 12:00:00 193,536 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2007-01-05 19:06:28 259,584 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2006-03-02 12:00:00 151,552 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-18 20:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2006-03-02 12:00:00 1,050,624 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 20:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2006-03-02 12:00:00 4,874,240 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2006-03-02 12:00:00 114,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2006-03-02 12:00:00 98,304 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2007-01-05 19:06:48 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2006-03-02 12:00:00 233,472 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2006-03-02 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2007-01-05 19:07:24 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2006-03-02 12:00:00 2,969,600 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2007-01-05 20:24:16 8,277,504 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2006-03-02 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2007-01-05 19:07:42 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2006-03-02 12:00:00 759,296 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2006-03-02 12:00:00 1,119,744 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2006-03-02 12:00:00 484,864 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2006-03-02 12:00:00 896,512 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-03-02 12:00:00 2,105,344 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 20:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2006-03-02 12:00:00 809,984 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2006-03-02 12:00:00 1,001,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
- 2006-03-02 12:00:00 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2006-03-02 12:00:00 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2006-03-02 12:00:00 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 19:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2006-03-02 12:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
- 2006-03-02 12:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
- 2006-03-02 12:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2006-03-02 12:00:00 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2006-03-02 12:00:00 52,736 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2006-03-02 12:00:00 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2006-03-02 12:00:00 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-10-18 20:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2006-03-02 12:00:00 246,272 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2006-03-02 12:00:00 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2008-03-20 13:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-03-02 12:00:00 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2006-03-02 12:00:00 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2006-03-02 12:00:00 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-18 20:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-03-02 12:00:00 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2006-03-02 12:00:00 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2006-03-02 12:00:00 193,536 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2007-01-05 19:06:28 259,584 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2006-03-02 12:00:00 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2006-03-02 12:00:00 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 20:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2006-03-02 12:00:00 4,874,240 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
- 2006-03-02 12:00:00 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2006-03-02 12:00:00 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
- 2006-03-02 12:00:00 2,969,600 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2007-01-05 20:24:16 8,277,504 ----a-w C:\WINDOWS\system32\wmploc.dll
- 2006-03-02 12:00:00 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2007-01-05 19:07:42 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2006-03-02 12:00:00 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2006-03-02 12:00:00 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2006-03-02 12:00:00 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2006-03-02 12:00:00 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2006-03-02 12:00:00 2,105,344 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 20:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2006-03-02 12:00:00 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2006-03-02 12:00:00 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2008-06-05 21:58:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_420.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MsnMsgr"="C:\Programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-27 16:20 171448]
"SpybotSD TeaTimer"="C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Creative WebCam Tray"="C:\Programas\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2008-05-26 14:23 2879488 C:\WINDOWS\SkyTel.exe]
"Google Desktop Search"="C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-27 16:20 1862144]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-26 14:23 16264192 C:\WINDOWS\RTHDCPL.exe]
"AdslTaskBar"="stmctrl.dll" [2004-05-13 15:54 159744 C:\WINDOWS\system32\stmctrl.dll]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
WinZip Quick Pick.lnk - C:\Programas\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoOghG]
nnnoOghG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnlljh]
opnnlljh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programas\\soulseek\\slsk.exe"=
"C:\\Programas\\azureus\\Azureus.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2008-05-26 14:01]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2008-05-26 14:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-08 10:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-09-04 09:15]

*Newly Created Service* - CATCHME
*Newly Created Service* - MSISERVER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Recycle Bin\kdja.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-05-30 12:28:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programas\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 00:30:18
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-06-06 0:31:43
ComboFix-quarantined-files.txt 2008-06-05 23:31:42
ComboFix2.txt 2008-06-05 21:32:43

Pre-Run: 91,914,739,712 bytes livres
Post-Run: 91,974,955,008 bytes livres

400 --- E O F --- 2008-06-05 21:49:09

by **dan12** » June 6th, 2008, 7:05 am

1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all

File::
C:\WINDOWS\avpcc.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\svchost32.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\xplugin.dll
C:\WINDOWS\cpan.dll
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\dnprjbij.ini
C:\WINDOWS\SET25.tmp
C:\WINDOWS\SET22.tmp
C:\WINDOWS\SET31.tmp
C:\WINDOWS\SET5C.tmp
C:\WINDOWS\dnsrelay.dll
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Recycle Bin\kdja.exe
Folder::
C:\WINDOWS\system32\zA
C:\WINDOWS\system32\vntiho06
C:\WINDOWS\system32\bIP
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06E12C36-760F-4D92-8509-5E5DBF12C423}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{902107E5-0FB1-4227-8605-0CF4D8586767}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC05EE52-030F-4CA5-B583-1C833EB8322F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAF0988F-C51B-48D9-B535-808EEAE295A9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAB2E16A-D9C3-41D3-BF19-F3A02BA6DCEB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoOghG]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnlljh]

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt

Post me the reports from above scans

by **dvegas** » June 6th, 2008, 7:40 am

Malwarebytes' Anti-Malware 1.15
Versão do banco de dados: 831

12:38:28 06-06-2008
mbam-log-6-6-2008 (12-38-28).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 140142
Tempo decorrido: 18 minute(s), 9 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 8
Valores do Registro infectados: 1
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 6

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e12c36-760f-4d92-8509-5e5dbf12c423} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mySearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c108ae59-c97f-4517-8b74-5590be3c2a82} (Trojan.Vundo) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\Programas\Alwil Software\Avast.Pro.v4.7.986.Incl.Keymaker-CORE\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.

by **dan12** » June 6th, 2008, 9:29 am

I will need to see the combofix scan and a fresh HJT log when scan has finished.
Thanks dan

by **dvegas** » June 6th, 2008, 10:20 am

combofix

ComboFix 08-06-05.3 - Proprietário 2008-06-06 15:14:27.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.2070.18.677 [GMT 1:00]
Executando de: C:\Documents and Settings\Proprietário\Ambiente de trabalho\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Ficheiros criados de 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))
.

2008-06-06 15:13 . 2008-06-06 15:13 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-06 12:14 . 2008-06-06 12:18 <DIR> d-------- C:\Programas\Malwarebytes' Anti-Malware
2008-06-06 12:14 . 2008-06-06 12:14 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Malwarebytes
2008-06-06 12:14 . 2008-06-06 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 12:14 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 12:14 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 01:10 . 2008-06-06 01:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-06 01:10 . 2008-06-06 01:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-05 23:31 . 2008-06-05 23:31 <DIR> d-------- C:\Nova pasta
2008-06-05 23:10 . 2008-06-05 23:10 <DIR> d-------- C:\Programas\Sun
2008-06-05 23:10 . 2008-06-05 23:10 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Definiþ§es locais
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\Proprietßrio
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\NetworkService\Definiþ§es locais
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\LocalService\Definiþ§es locais
2008-06-05 22:32 . 2008-06-05 22:32 <DIR> d-------- C:\Documents and Settings\Administrador\Definiþ§es locais
2008-06-02 14:28 . 2008-06-02 14:28 24,576 --a------ C:\WINDOWS\sistem.exe
2008-06-02 14:28 . 2008-06-02 14:28 22,528 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-01 04:23 . 2008-06-01 04:23 21,504 --a------ C:\WINDOWS\editpad.exe
2008-06-01 04:23 . 2008-06-02 01:29 21,248 --a------ C:\WINDOWS\rundll16.exe
2008-06-01 04:23 . 2008-06-01 04:23 19,712 --a------ C:\WINDOWS\quicken.exe
2008-06-01 04:23 . 2008-06-01 04:23 11,776 --a------ C:\WINDOWS\msconfd.dll
2008-06-01 04:03 . 2008-06-05 23:04 <DIR> d-------- C:\Programas\Spyware Doctor
2008-05-31 23:40 . 2008-06-05 23:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 22:56 . 2008-06-02 01:29 15,104 --a------ C:\WINDOWS\qttasks.exe
2008-05-31 22:55 . 2008-05-31 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-31 21:26 . 2008-05-31 21:27 <DIR> d-------- C:\Programas\Internet Explorer 7
2008-05-31 21:10 . 2006-03-02 13:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-05-31 21:08 . 2006-03-02 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-31 21:07 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-31 21:07 . 2003-03-24 15:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
2008-05-31 21:07 . 2004-05-13 00:39 184,435 --a--c--- C:\WINDOWS\system32\dllcache\fp4amsft.dll
2008-05-31 21:07 . 2003-03-24 15:52 147,513 --a--c--- C:\WINDOWS\system32\dllcache\fp4apws.dll
2008-05-31 21:07 . 2003-03-24 15:52 82,035 --a--c--- C:\WINDOWS\system32\dllcache\fp4anscp.dll
2008-05-31 21:07 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-05-31 21:07 . 2003-03-24 15:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-05-31 21:07 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-05-31 21:07 . 2003-03-24 15:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-31 21:06 . 2008-05-31 21:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-31 21:01 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-05-31 21:01 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-05-31 21:01 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-05-31 21:01 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-05-31 19:28 . 2008-05-31 19:28 <DIR> d-------- C:\Programas\Yahoo!
2008-05-31 19:19 . 2008-05-31 19:19 26,624 --a------ C:\WINDOWS\helpcvs.exe
2008-05-31 04:04 . 2008-05-31 04:04 16,384 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 23:54 . 2008-05-30 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-30 02:45 . 2008-05-30 02:45 9,984 --a------ C:\WINDOWS\xplugin.dll
2008-05-30 02:21 . 2008-05-30 02:21 15,616 --a------ C:\WINDOWS\cpan.dll
2008-05-30 02:21 . 2008-05-30 02:21 11,008 --a------ C:\WINDOWS\astctl32.ocx
2008-05-30 00:02 . 2008-05-30 00:11 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-29 23:45 . 2008-05-30 00:12 <DIR> d-------- C:\Programas\BitDefender
2008-05-29 23:42 . 2008-05-29 23:54 <DIR> d-------- C:\WINDOWS\system32\zA
2008-05-29 23:42 . 2008-05-31 00:11 <DIR> d-------- C:\WINDOWS\system32\vntiho06
2008-05-29 23:42 . 2008-05-30 00:01 <DIR> d-------- C:\WINDOWS\system32\bIP
2008-05-29 23:42 . 2008-06-05 22:26 <DIR> d-------- C:\Temp
2008-05-29 23:42 . 2008-05-31 00:43 <DIR> d-------- C:\Programas\uTorrent
2008-05-29 23:42 . 2008-05-31 00:43 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\uTorrent
2008-05-29 23:41 . 2008-05-29 23:41 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritos
2008-05-29 23:41 . 2008-05-29 23:41 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-29 23:34 . 2008-05-29 23:45 <DIR> d-------- C:\Programas\Ficheiros comuns\BitDefender
2008-05-29 22:55 . 2008-05-30 00:55 774 --ahs---- C:\WINDOWS\system32\dnprjbij.ini
2008-05-29 14:30 . 2008-05-29 14:30 <DIR> dr-h----- C:\MSOCache
2008-05-29 00:59 . 2008-05-30 15:02 613 --a------ C:\WINDOWS\wininit.ini
2008-05-28 23:33 . 2008-05-28 23:39 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\AVGTOOLBAR
2008-05-28 23:31 . 2008-05-29 00:12 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-28 23:22 . 2008-06-02 01:27 <DIR> d-------- C:\Programas\Spybot - Search & Destroy
2008-05-28 23:22 . 2008-06-02 02:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 18:59 . 2008-05-28 18:59 <DIR> dr-h----- C:\Documents and Settings\Proprietário\Application Data\SecuROM
2008-05-28 14:49 . 2008-05-28 14:49 <DIR> d-------- C:\Programas\Ficheiros comuns\Adobe
2008-05-27 19:12 . 2008-05-27 19:12 <DIR> d-------- C:\Programas\Apple Software Update
2008-05-27 19:12 . 2008-05-27 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-27 19:08 . 2008-05-27 19:13 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Apple Computer
2008-05-27 18:45 . 2008-05-27 18:45 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\skypePM
2008-05-27 18:45 . 2008-05-27 18:45 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-27 18:41 . 2008-05-27 18:41 <DIR> d-------- C:\Programas\Ficheiros comuns\Skype
2008-05-27 18:41 . 2008-05-27 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-27 18:25 . 2008-05-27 18:25 379 --a------ C:\WINDOWS\ODBC.INI
2008-05-27 18:24 . 2008-05-27 18:24 <DIR> d-------- C:\Programas\Microsoft.NET
2008-05-27 18:24 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-27 18:23 . 2008-05-27 18:24 <DIR> d--h----- C:\WINDOWS\ShellNew
2008-05-27 18:12 . 2008-05-27 18:12 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Creative
2008-05-27 16:55 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-05-27 16:54 . 2000-05-22 09:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-05-27 16:54 . 2004-08-04 00:57 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-05-27 16:54 . 2004-08-04 00:57 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-05-27 16:54 . 2004-08-04 00:56 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-05-27 16:54 . 2004-08-04 00:57 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-05-27 16:54 . 1999-10-10 18:00 41,984 --a------ C:\WINDOWS\Ctregrun.exe
2008-05-27 16:54 . 2004-08-04 00:57 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-05-27 16:21 . 2008-05-27 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-27 16:03 . 2008-05-27 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-27 16:00 . 2008-05-27 16:00 <DIR> d-------- C:\WINDOWS\WinRAR
2008-05-27 14:52 . 2008-05-27 19:13 <DIR> d-------- C:\Programas\QuickTime
2008-05-27 14:51 . 2008-05-27 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 14:51 . 2004-12-18 21:32 38,229 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-05-27 14:46 . 2008-05-27 14:51 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-27 01:04 . 2008-05-27 01:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-27 01:04 . 2008-05-27 16:41 <DIR> d-------- C:\Programas\MSN Messenger
2008-05-27 01:04 . 2008-05-27 14:42 <DIR> d-------- C:\Documents and Settings\Proprietário\Contacts
2008-05-27 01:04 . 2008-05-27 14:42 <DIR> d-------- C:\Documents and Settings\Proprietário\Contacts
2008-05-27 01:02 . 2008-05-27 01:02 <DIR> d-------- C:\Programas\Ficheiros comuns\Java
2008-05-27 01:02 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 00:31 . 2008-05-27 18:13 <DIR> d--hsc--- C:\Programas\Ficheiros comuns\WindowsLiveInstaller
2008-05-27 00:30 . 2008-05-27 18:14 <DIR> d-------- C:\Programas\Windows Live
2008-05-27 00:30 . 2008-05-29 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-27 00:10 . 2008-05-27 00:10 <DIR> d-------- C:\Programas\Windows Media Connect 2
2008-05-27 00:09 . 2008-05-27 00:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-27 00:09 . 2008-05-27 00:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-26 23:52 . 2008-05-26 23:52 <DIR> d-------- C:\WINDOWS\system32\pt-pt
2008-05-26 23:18 . 2008-06-06 13:14 1,073,037,312 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-26 22:29 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-26 22:26 . 2006-03-02 13:00 1,086,058 -ra------ C:\WINDOWS\SET25.tmp
2008-05-26 22:26 . 2006-03-02 13:00 1,013,613 -ra------ C:\WINDOWS\SET22.tmp
2008-05-26 22:26 . 2006-03-02 13:00 14,913 -ra------ C:\WINDOWS\SET31.tmp
2008-05-26 22:26 . 2006-03-02 13:00 14,573 -ra------ C:\WINDOWS\SET5C.tmp
2008-05-26 20:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-26 20:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 20:32 . 2008-05-26 20:34 <DIR> d-------- C:\Documents and Settings\João\Os meus documentos
2008-05-26 20:32 . 2008-05-26 20:34 <DIR> d-------- C:\Documents and Settings\João
2008-05-26 20:30 . 2008-06-05 23:57 <DIR> d-------- C:\Documents and Settings\Proprietário\Application Data\Azureus

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 23:57 13,312 ----a-w C:\WINDOWS\dnsrelay.dll
2008-05-28 17:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-26 18:55 --------- d-----w C:\Programas\Serviços online
2008-05-26 13:23 9,709,568 ----a-w C:\WINDOWS\RTLCPL.exe
2008-05-26 13:23 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2008-05-26 13:23 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2008-05-26 13:23 499,712 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-05-26 13:23 49,152 ----a-w C:\WINDOWS\system32\ChCfg.exe
2008-05-26 13:23 4,381,184 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-05-26 13:23 364,544 ----a-w C:\WINDOWS\RtlUpd.exe
2008-05-26 13:23 2,879,488 ----a-w C:\WINDOWS\SkyTel.exe
2008-05-26 13:23 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-05-26 13:23 2,155,008 ----a-w C:\WINDOWS\MicCal.exe
2008-05-26 13:23 16,264,192 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-26 13:01 9,728 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
2008-05-26 13:01 11,264 ----a-w C:\WINDOWS\system32\drivers\xfilt.sys
2008-05-26 09:06 --------- d-----w C:\Programas\microsoft frontpage
2008-03-19 20:29 21,760 ----a-w C:\Documents and Settings\João\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot_2008-06-06_ 0.31.36,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 21:59:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 14:11:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 14:12:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_418.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{902107E5-0FB1-4227-8605-0CF4D8586767}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC05EE52-030F-4CA5-B583-1C833EB8322F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAF0988F-C51B-48D9-B535-808EEAE295A9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAB2E16A-D9C3-41D3-BF19-F3A02BA6DCEB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MsnMsgr"="C:\Programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-27 16:20 171448]
"SpybotSD TeaTimer"="C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Creative WebCam Tray"="C:\Programas\Creative\Shared Files\CamTray.exe" [2005-10-27 11:00 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2008-05-26 14:23 2879488 C:\WINDOWS\SkyTel.exe]
"Google Desktop Search"="C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-27 16:20 1862144]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-26 14:23 16264192 C:\WINDOWS\RTHDCPL.exe]
"AdslTaskBar"="stmctrl.dll" [2004-05-13 15:54 159744 C:\WINDOWS\system32\stmctrl.dll]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
WinZip Quick Pick.lnk - C:\Programas\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoOghG]
nnnoOghG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnlljh]
opnnlljh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programas\\soulseek\\slsk.exe"=
"C:\\Programas\\azureus\\Azureus.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2008-05-26 14:01]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2008-05-26 14:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-08 10:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-09-04 09:15]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Recycle Bin\kdja.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-05-30 12:28:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programas\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 15:16:47
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-06-06 15:18:59
ComboFix-quarantined-files.txt 2008-06-06 14:18:57
ComboFix2.txt 2008-06-06 01:03:44
ComboFix3.txt 2008-06-06 01:01:31
ComboFix4.txt 2008-06-05 23:31:44
ComboFix5.txt 2008-06-05 21:32:43

Pre-Run: 90,761,756,672 bytes livres
Post-Run: 90,756,517,888 bytes livres

262 --- E O F --- 2008-06-06 13:59:29

by **dvegas** » June 6th, 2008, 10:21 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:04, on 06-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {902107E5-0FB1-4227-8605-0CF4D8586767} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AC05EE52-030F-4CA5-B583-1C833EB8322F} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {CAF0988F-C51B-48D9-B535-808EEAE295A9} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {FAB2E16A-D9C3-41D3-BF19-F3A02BA6DCEB} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programas\Creative\Shared Files\CamTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1828591125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1829019109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DD62A15-6A62-477F-BF4D-661AF5D9FBEE}: NameServer = 212.55.154.174
O17 - HKLM\System\CS2\Services\Tcpip\..\{4DD62A15-6A62-477F-BF4D-661AF5D9FBEE}: NameServer = 212.55.154.174
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnoOghG - nnnoOghG.dll (file missing)
O20 - Winlogon Notify: opnnlljh - opnnlljh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10232 bytes

by **dan12** » June 6th, 2008, 11:07 am

There is something you are not doing right as the script is not running! I can see you have run it a further five times! was there a reason for that?
when you copy and paste the script into combofix.exe, firstly, as I told you it has to be from the desktop!

when copying the script it has to be into notepad nothing else, no other editor.

2. Open notepad and copy/paste the text in the codebox below into it:

Please check those points and run again.
dan

Free Malware Removal Forum

coolwebsearch spyware

coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Re: coolwebsearch spyware

Who is online