View Full Version : I've some problem...don't know what is it.
Check this image...this "window" appears from minutes to minutes...I've used SpyBot search & destroy, it found some stuff which was deleted correctly...but this message still appears. I dont really know how did i get this...because i never downloaded any regcleaner etc nor browsed any of their sites :/
Im looking forward to solve this problem with your help,thanks.
log:
Logfile of HijackThis v1.99.1
Scan saved at 19:32:40, on 03-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS1\System32\igfxtray.exe
C:\WINDOWS1\System32\hkcmd.exe
C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS1\SOUNDMAN.EXE
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\Programas\Java\jre1.5.0_10\bin\jusched.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS1\System32\ctfmon.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\BitComet\BitComet.exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Programas\Microsoft Office\Office10\WINWORD.EXE
C:\Programas\Windows Media Player\wmplayer.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ze.NERY\Ambiente de trabalho\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programas\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS1\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS1\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS1\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
IMG1
http://img469.imageshack.us/img469/2453/damnfq0.gif
IMG2
http://img58.imageshack.us/img58/5706/damn2mp7.gif
teacup61
2007-02-04, 09:06
Hello nerdy,
Welcome to Safer Networking Forums :)
Before we go any further, I'll ask you to upgrade to SP1. This will provide some extra protection until you are clean again, and then you can upgrade to SP2. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=83e4e879-fa3a-48bf-ade5-023443e29d78
Your log shows that you have disabled some startup programs using MSConfig.
This is not recommended because I cannot clearly see everything that is loading on your computer at startup.
To enable all startup items quickly please follow these instructions:
Start | Run | type msconfig | OK
If not already selected go to the General tab.
Under Startup Selection select "Normal Startup - load all device drivers and services".
Click Apply and then Close.
Post a new log when you are done.
Thanks,
tea
Thank for replying, teacup61:)
I tried to install 'Windows XP Service Pack 1a Network Install (32-Bit) for IT Professionals' but unfortunately I wasn't able to do it, because I've Portuguese windows version, not english... so I've searched for a PT version of 'Windows XP Service Pack 1a Network Install (32-Bit) for IT Professionals' and I just found one ... but it's brazilian :/ so I couldn't install it either. If there is some PT version, I'd be glad if you give me the link, else I'll have to solve this problem without upgrading to sp1a .
Here's the new Log. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 13:56:41, on 04-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\savedump.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\igfxtray.exe
C:\WINDOWS1\System32\hkcmd.exe
C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS1\SOUNDMAN.EXE
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\Programas\Java\jre1.5.0_10\bin\jusched.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS1\System32\ctfmon.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ze.NERY\Ambiente de trabalho\HijackThis.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Programas\MSN Messenger\usnsvc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programas\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS1\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS1\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
teacup61
2007-02-04, 21:48
Hello,
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.
Thanks,
ttea
Ok, I did everything you said. I wasn't able to click in that green buttom, and the Dr.Web CureIt just found 1 'thing'.
Here is its log, from DrWeb.csv :
SUPPORT.DOT C:\Programas\Microsoft Office\Office10\Macros W97M.Draw Curado.
and ...
Logfile of HijackThis v1.99.1
Scan saved at 0:30:46, on 05-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\savedump.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\igfxtray.exe
C:\WINDOWS1\System32\hkcmd.exe
C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS1\SOUNDMAN.EXE
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\Programas\Java\jre1.5.0_10\bin\jusched.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS1\System32\ctfmon.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Microsoft Office\Office10\EXCEL.EXE
C:\Programas\MSN Messenger\usnsvc.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Documents and Settings\Ze.NERY\Ambiente de trabalho\HijackThis.exe
C:\Programas\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programas\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS1\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS1\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
I still have 'the problem', and I'm looking forward to solve it as soon as possible.
Thanks for your time.:)
thx.
teacup61
2007-02-05, 03:34
Well then we'll just keep trying things until we find one that works......lost of options left.;)
Please download, install, and update AVG Anti-Spyware (formerly Ewido) (http://www.ewido.net/en/download/)
Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Click the settings tab, then click "apply all actions" and choose clean (quarantine)
Close AVG. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)
Thanks,
tea
I can't run PC in safe mode :( don't know why...maybe this malware/spyware(?) is blocking it...shall I try to do this in 'normal' mode?
thanks.
teacup61
2007-02-05, 22:59
Yes, go ahead and do it in normal mode. We'll go for safe mode later. ;)
Hello, ...
Logfile of HijackThis v1.99.1
Scan saved at 7:05:49, on 06-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\igfxtray.exe
C:\WINDOWS1\System32\hkcmd.exe
C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS1\SOUNDMAN.EXE
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\Programas\Java\jre1.5.0_10\bin\jusched.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS1\System32\ctfmon.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\eMule\emule.exe
C:\Programas\Winamp\winampa.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ze.NERY\Ambiente de trabalho\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programas\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS1\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS1\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS1\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS1\inf\unregmp2.exe /Fixups
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS1\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
The text that you have entered is too long (23703 characters). Please shorten it to 20000 characters long.
I'll have to make 3 posts ...
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:04:53 06-02-2007
+ Scan result:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS00\system32\salvage.exe -> Backdoor.Rbot.bjp : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.228:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.232:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.491:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.568:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ze\Cookies\ze@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ze\Cookies\ze@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ze\Cookies\ze@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.120:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.121:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.122:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.123:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.124:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.135:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.136:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.137:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.186:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.187:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.188:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Ze\Cookies\ze@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.289:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.290:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.149:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.150:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.151:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.152:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.424:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.425:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.238:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.239:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.301:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.302:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.263:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.264:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.265:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.266:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.267:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.244:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.81:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Ze\Cookies\ze@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.133:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.321:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.269:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.275:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.277:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.316:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.354:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.201:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.202:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.203:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.272:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.273:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.274:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.276:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.256:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.257:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.252:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.317:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.151:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.63:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Ze\Cookies\ze@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.172:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.173:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.189:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.190:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.191:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.192:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.193:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.215:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.216:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.217:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.218:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.219:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.292:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.293:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.294:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.85:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.86:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.383:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.455:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.456:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.477:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.478:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.479:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.352:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.196:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.376:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.457:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.299:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.382:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.303:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.304:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.305:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.306:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.191:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.192:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.193:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.194:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.195:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.340:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Ze.NERY\Cookies\ze@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.317:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.318:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.319:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.197:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.247:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.341:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.342:C:\Documents and Settings\Ze.NERY\Application
Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.343:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.353:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.355:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.94:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Texttbnru : Cleaned.
:mozilla.202:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.36:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.37:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.506:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.125:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.189:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.130:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.131:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.132:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.133:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.134:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.135:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.136:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.320:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.540:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.544:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.546:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.91:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.10:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.119:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.120:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.121:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.122:C:\Documents and Settings\Ze\Application Data\Mozilla\Firefox\Profiles\s0gngnzl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.12:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.14:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.204:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.205:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.206:C:\Documents and Settings\Ze.NERY\Application Data\Mozilla\Firefox\Profiles\6r8tz0jq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
thx.
teacup61
2007-02-06, 14:28
Hello,
That found a couple of things....let's see if there might be others.
Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found.
Don't choose rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.
Download Silent Runners.zip (http://tinyurl.com/8bmsr) and extract it to a new folder on your Desktop. Run the Silent Runners.vbs file. You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO." If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run. This script is not malicious so please allow it. A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!) Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.
How is your computer running? :)
Thanks,
tea
Hello :)
fsbl log:
02/06/07 16:53:48 [Info]: BlackLight Engine 1.0.55 initialized
02/06/07 16:53:48 [Info]: OS: 5.1 build 2600 ()
02/06/07 16:53:49 [Note]: 7019 4
02/06/07 16:53:49 [Note]: 7005 0
02/06/07 16:54:01 [Note]: 7006 0
02/06/07 16:54:01 [Note]: 7011 1788
02/06/07 16:54:01 [Note]: 7026 0
02/06/07 16:54:02 [Note]: 7026 0
02/06/07 16:55:09 [Note]: FSRAW library version 1.7.1021
02/06/07 17:15:53 [Note]: 7007 0
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS1\System32\ctfmon.exe" [MS]
"DAEMON Tools" = ""C:\Programas\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"MsnMsgr" = ""C:\Programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"SpybotSD TeaTimer" = "C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS1\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS1\System32\hkcmd.exe" ["Intel Corporation"]
"PRONoMgr.exe" = "C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe" ["Intel(R) Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ZoneAlarm Client" = ""C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Acrobat Assistant 7.0" = ""C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"(Default)" = "(empty string)" [file not found]
"HP Software Update" = ""C:\Programas\HP\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Programas\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"SunJavaUpdateSched" = ""C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Programas\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"!AVG Anti-Spyware" = ""C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"WinampAgent" = "C:\Programas\Winamp\winampa.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Programas\BitComet\tools\BitCometBHO.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL"
-> {HKLM...CLSID} = "Apresentar extensão de panorâmica CPL"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS1\System32\hticons.dll" ["Hilgraeve, Inc."]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Programas\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"
\InProcServer32\(Default) = "C:\Programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensão de ícones de ficheiros do Outlook"
\InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programas\Microsoft Office\Office10\msohev.dll" [MS]
"{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension"
-> {HKLM...CLSID} = "FileTimeShlExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FICHEI~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Programas\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Programas\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"AllowLegacyWebView" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"AllowUnhashedWebView" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Ze.NERY\Os meus documentos\As minhas imagens\2006tranceenergywallpaperlarge.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Ze.NERY\Definições locais\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS1\System32\logon.scr" [MS]
Startup items in "Ze" & "All Users" startup folders:
----------------------------------------------------
C:\Documents and Settings\All Users.WINDOWS1\Menu Iniciar\Programas\Arranque
"Adobe Acrobat Speed Launcher" -> shortcut to: "C:\WINDOWS1\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe" [null data]
"Adobe Gamma Loader" -> shortcut to: "C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Microsoft Office" -> shortcut to: "C:\Programas\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"WebReg 20070131173958" -> launches: "C:\Programas\HP\Digital Imaging\bin\hpqwrg.exe /TaskName 20070131173958 /N "psc 1300 series" /M Q3501A /S MY47PD80KN9F /AP 303 /F /T " ["Hewlett-Packard Co."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
\InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Programas\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Programas\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Machine Debug Manager, MDM, ""C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader, usnjsvc, ""C:\Programas\MSN Messenger\usnsvc.exe"" [MS]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS1\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS1\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS1\System32\AdobePDF.dll" ["Adobe Systems Incorporated."]
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 343 seconds.
---------- (total run time: 1330 seconds)
Well, my PC is running well (sometimes it gets slow, but it's kinda normal I think, 'cause it's a "weak" PC :|), but I receive these annoying messages in each 30min (+|-)...no matter if I'm running a full-window program, it won't dissapear until I click in 'OK' buttom.
http://img217.imageshack.us/img217/1292/wtfkb3.gif
teacup61
2007-02-07, 07:24
Hello,
Let's put a little extra armor in place and see if that gets it.
Download the HostsXpert Here
http://www.funkytoad.com/download/HostsXpert.zip
Unzip HostsXpert to your desktop
Open up the HostsXpert program.
* Make sure that the "make hosts writable?" button in the upper right corner is enabled.
* Click back up Host files
* then click Restore orginal host files
* close program
Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal. Then please restart your computer.
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Let me know if you still get the alerts.
Thanks,
tea
Hello...
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Ze.NERY\Ambiente de trabalho"
((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))
2007-02-05 20:48 <DIR> d-------- C:\Programas\Last.fm
2007-02-05 17:20 36,528 --------- C:\WINDOWS1\system32\drivers\PxHelp20.sys
2007-02-05 17:20 2,560 --------- C:\WINDOWS1\system32\drivers\cdralw2k.sys
2007-02-05 17:20 2,432 --------- C:\WINDOWS1\system32\drivers\cdr4_xp.sys
2007-02-05 17:20 129,784 --------- C:\WINDOWS1\system32\pxafs.dll
2007-02-05 17:20 115,880 --------- C:\WINDOWS1\system32\pxinsi64.exe
2007-02-05 17:16 <DIR> d-------- C:\Programas\Winamp
2007-02-05 15:38 3,968 --a------ C:\WINDOWS1\system32\drivers\AvgAsCln.sys
2007-02-05 15:37 <DIR> d-------- C:\Programas\Grisoft
2007-02-04 21:40 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\DoctorWeb
2007-02-04 16:53 <DIR> d-------- C:\Programas\Propellerhead
2007-02-04 16:51 233,472 --a------ C:\WINDOWS1\system32\REX Shared Library.dll
2007-02-04 16:51 225,280 --a------ C:\WINDOWS1\system32\ReWire.dll
2007-02-04 16:51 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\Propellerhead Software
2007-02-04 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Propellerhead Software
2007-02-04 13:26 <DIR> d-------- C:\1a1f408368fdde8
2007-02-03 17:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Spybot - Search & Destroy
2007-02-03 15:42 56 --a------ C:\WINDOWS1\system\WinSec78159.dll
2007-02-03 15:42 <DIR> d-------- C:\Programas\Free MP3 Converter
2007-02-03 15:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\{11A3B848-FFD6-49C0-80F9-4AFD6A8A3FEE}
2007-02-03 13:05 <DIR> d-------- C:\WINDOWS1\pss
2007-02-02 20:22 <DIR> d-------- C:\Programas\Native Instruments
2007-02-01 19:59 <DIR> d-------- C:\Programas\Gigabyte
2007-02-01 19:58 327,168 --a------ C:\WINDOWS1\IsUninst.exe
2007-02-01 14:07 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Gadu-Gadu
2007-02-01 13:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-02-01 13:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Talkback
2007-02-01 13:49 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-01 13:49 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar
2007-02-01 13:49 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos
2007-02-01 13:49 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Defini‡äes locais
2007-02-01 13:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Os meus documentos
2007-02-01 13:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos
2007-02-01 13:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ambiente de trabalho
2007-02-01 13:04 <DIR> d--hs---- C:\WINDOWS1\CSC
2007-01-31 18:21 <DIR> d-------- C:\WINDOWS1\Sun
2007-01-31 18:21 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\Sun
2007-01-30 19:35 <DIR> d-------- C:\WINDOWS1\system32\appmgmt
2007-01-30 19:28 24,064 --a------ C:\DOCUME~1\ZE982B~1.NER\Application Data\GDIPFONTCACHEV1.DAT
2007-01-30 16:18 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\Apple Computer
2007-01-30 16:10 90,112 --a------ C:\WINDOWS1\system32\dpl100.dll
2007-01-30 16:10 856,064 --a------ C:\WINDOWS1\system32\xvidcore.dll
2007-01-30 16:10 568,850 --a------ C:\WINDOWS1\system32\x264vfw.dll
2007-01-30 16:10 3,596,288 --a------ C:\WINDOWS1\system32\qt-dx331.dll
2007-01-30 16:10 286,720 --a------ C:\WINDOWS1\system32\3ivxVfWCodec.dll
2007-01-30 16:10 217,088 --a------ C:\WINDOWS1\system32\xvidvfw.dll
2007-01-30 16:10 200,704 --a------ C:\WINDOWS1\system32\ssldivx.dll
2007-01-30 16:10 200,704 --a------ C:\WINDOWS1\system32\dtu100.dll
2007-01-30 16:10 157,696 --a------ C:\WINDOWS1\system32\unrar.dll
2007-01-30 16:10 1,044,480 --a------ C:\WINDOWS1\system32\libdivx.dll
2007-01-30 16:10 1,024,000 --a------ C:\WINDOWS1\system32\3ivx.dll
2007-01-30 16:09 619,156 --a------ C:\WINDOWS1\system32\divx.dll
2007-01-30 16:09 5,120 --a------ C:\WINDOWS1\system32\ff_vfw.dll
2007-01-30 16:09 <DIR> d-------- C:\Programas\K-Lite Codec Pack
2007-01-30 16:09 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\Real
2007-01-30 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Real
2007-01-30 15:52 <DIR> d-------- C:\Programas\QuickTime
2007-01-30 15:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Apple Computer
2007-01-30 15:47 <DIR> d-------- C:\Programas\Java
2007-01-30 15:46 <DIR> d-------- C:\Programas\Ficheiros comuns\Java
2007-01-30 14:50 <DIR> d-------- C:\WINDOWS1\Cache
2007-01-30 00:24 51,056 -ra------ C:\WINDOWS1\system32\drivers\hpzid412.sys
2007-01-30 00:24 16,496 -ra------ C:\WINDOWS1\system32\drivers\HPZipr12.sys
2007-01-30 00:23 21,488 -ra------ C:\WINDOWS1\system32\drivers\HPZius12.sys
2007-01-30 00:23 13,824 --a------ C:\WINDOWS1\system32\drivers\usbscan.sys
2007-01-29 23:58 626,960 -ra------ C:\WINDOWS1\system32\hpvaut32.dll
2007-01-29 23:58 487,424 -ra------ C:\WINDOWS1\system32\hpvcp70.dll
2007-01-29 23:58 44,544 -ra------ C:\WINDOWS1\system32\MSXML4a.dll
2007-01-29 23:58 344,064 -ra------ C:\WINDOWS1\system32\hpvcr70.dll
2007-01-29 23:52 43,488 --a------ C:\WINDOWS1\system32\drivers\AFS2K.SYS
2007-01-29 23:51 <DIR> d-------- C:\WINDOWS1\RegisteredPackages
2007-01-29 23:50 98,816 --a------ C:\WINDOWS1\system32\dmstyle.dll
2007-01-29 23:50 937,984 --a------ C:\WINDOWS1\system32\dxdiag.exe
2007-01-29 23:50 83,968 --a------ C:\WINDOWS1\system32\drivers\nabtsfec.sys
2007-01-29 23:50 80,896 --a------ C:\WINDOWS1\system32\dpvsetup.exe
2007-01-29 23:50 8,192 --a------ C:\WINDOWS1\system32\d3d8thk.dll
2007-01-29 23:50 797,184 --a------ C:\WINDOWS1\system32\d3dim700.dll
2007-01-29 23:50 77,824 --a------ C:\WINDOWS1\system32\dpmodemx.dll
2007-01-29 23:50 76,800 --a------ C:\WINDOWS1\system32\dpwsockx.dll
2007-01-29 23:50 76,800 --a------ C:\WINDOWS1\system32\dmscript.dll
2007-01-29 23:50 733,184 --a------ C:\WINDOWS1\system32\qedwipes.dll
2007-01-29 23:50 723,968 --a------ C:\WINDOWS1\system32\dpnet.dll
2007-01-29 23:50 7,424 --a------ C:\WINDOWS1\system32\drivers\mskssrv.sys
2007-01-29 23:50 68,096 --a------ C:\WINDOWS1\system32\dpnhupnp.dll
2007-01-29 23:50 667,648 --a------ C:\WINDOWS1\system32\dinput8.dll
2007-01-29 23:50 648,704 --a------ C:\WINDOWS1\system32\dinput.dll
2007-01-29 23:50 64,512 --a------ C:\WINDOWS1\system32\amstream.dll
2007-01-29 23:50 602,624 --a------ C:\WINDOWS1\system32\dx7vb.dll
2007-01-29 23:50 58,368 --a------ C:\WINDOWS1\system32\dmcompos.dll
2007-01-29 23:50 52,096 --a------ C:\WINDOWS1\system32\drivers\msdv.sys
2007-01-29 23:50 5,504 --a------ C:\WINDOWS1\system32\drivers\mstee.sys
2007-01-29 23:50 5,248 --a------ C:\WINDOWS1\system32\drivers\mspclock.sys
2007-01-29 23:50 491,520 --a------ C:\WINDOWS1\system32\dsdmoprp.dll
2007-01-29 23:50 47,104 --a------ C:\WINDOWS1\system32\wstdecod.dll
2007-01-29 23:50 467,968 --a------ C:\WINDOWS1\system32\diactfrm.dll
2007-01-29 23:50 45,696 --a------ C:\WINDOWS1\system32\drivers\stream.sys
2007-01-29 23:50 449,024 --a------ C:\WINDOWS1\system32\qdvd.dll
2007-01-29 23:50 44,544 --a------ C:\WINDOWS1\system32\dxdllreg.exe
2007-01-29 23:50 4,608 --a------ C:\WINDOWS1\system32\drivers\mspqm.sys
2007-01-29 23:50 4,096 --a------ C:\WINDOWS1\system32\ksuser.dll
2007-01-29 23:50 4,096 --a------ C:\WINDOWS1\system32\drivers\swenum.sys
2007-01-29 23:50 381,952 --a------ C:\WINDOWS1\system32\dpvoice.dll
2007-01-29 23:50 355,328 --a------ C:\WINDOWS1\system32\dsound.dll
2007-01-29 23:50 354,816 --a------ C:\WINDOWS1\system32\psisdecd.dll
2007-01-29 23:50 34,304 --a------ C:\WINDOWS1\system32\mciqtz32.dll
2007-01-29 23:50 33,280 --a------ C:\WINDOWS1\system32\dmloader.dll
2007-01-29 23:50 324,096 --a------ C:\WINDOWS1\system32\mswebdvd.dll
2007-01-29 23:50 32,768 --a------ C:\WINDOWS1\system32\dpnhpast.dll
2007-01-29 23:50 311,808 --a------ C:\WINDOWS1\system32\qdv.dll
2007-01-29 23:50 31,744 --a------ C:\WINDOWS1\system32\pid.dll
2007-01-29 23:50 3,072 --a------ C:\WINDOWS1\system32\dpnlobby.dll
2007-01-29 23:50 3,072 --a------ C:\WINDOWS1\system32\dpnaddr.dll
2007-01-29 23:50 284,160 --a------ C:\WINDOWS1\system32\ddraw.dll
2007-01-29 23:50 28,160 --a------ C:\WINDOWS1\system32\dplaysvr.exe
2007-01-29 23:50 27,136 --a------ C:\WINDOWS1\system32\dmband.dll
2007-01-29 23:50 257,024 --a------ C:\WINDOWS1\system32\qcap.dll
2007-01-29 23:50 24,064 --a------ C:\WINDOWS1\system32\ddrawex.dll
2007-01-29 23:50 223,232 --a------ C:\WINDOWS1\system32\gcdef.dll
2007-01-29 23:50 217,600 --a------ C:\WINDOWS1\system32\dplayx.dll
2007-01-29 23:50 19,968 --a------ C:\WINDOWS1\system32\dpvacm.dll
2007-01-29 23:50 186,880 --a------ C:\WINDOWS1\system32\dsdmo.dll
2007-01-29 23:50 18,944 --a------ C:\WINDOWS1\system32\encapi.dll
2007-01-29 23:50 18,688 --a------ C:\WINDOWS1\system32\drivers\wstcodec.sys
2007-01-29 23:50 18,432 --a------ C:\WINDOWS1\system32\dswave.dll
2007-01-29 23:50 171,520 --a------ C:\WINDOWS1\system32\dmime.dll
2007-01-29 23:50 16,896 --a------ C:\WINDOWS1\system32\msyuv.dll
2007-01-29 23:50 16,896 --a------ C:\WINDOWS1\system32\dpnsvr.exe
2007-01-29 23:50 16,384 --a------ C:\WINDOWS1\system32\drivers\ccdecode.sys
2007-01-29 23:50 15,104 --a------ C:\WINDOWS1\system32\drivers\mpe.sys
2007-01-29 23:50 14,976 --a------ C:\WINDOWS1\system32\drivers\streamip.sys
2007-01-29 23:50 132,096 --a------ C:\WINDOWS1\system32\devenum.dll
2007-01-29 23:50 130,304 --a------ C:\WINDOWS1\system32\drivers\ks.sys
2007-01-29 23:50 13,312 --a------ C:\WINDOWS1\system32\msdmo.dll
2007-01-29 23:50 116,736 --a------ C:\WINDOWS1\system32\dmusic.dll
2007-01-29 23:50 112,128 --a------ C:\WINDOWS1\system32\dpvvox.dll
2007-01-29 23:50 11,392 --a------ C:\WINDOWS1\system32\drivers\bdasup.sys
2007-01-29 23:50 100,864 --a------ C:\WINDOWS1\system32\dmsynth.dll
2007-01-29 23:50 10,880 --a------ C:\WINDOWS1\system32\drivers\slip.sys
2007-01-29 23:50 10,112 --a------ C:\WINDOWS1\system32\drivers\ndisip.sys
2007-01-29 23:50 1,962,496 --a------ C:\WINDOWS1\system32\quartz.dll
2007-01-29 23:50 1,798,144 --a------ C:\WINDOWS1\system32\qedit.dll
2007-01-29 23:50 1,675,264 --a------ C:\WINDOWS1\system32\dxdiagn.dll
2007-01-29 23:50 1,634,304 --a------ C:\WINDOWS1\system32\d3d9.dll
2007-01-29 23:50 1,294,336 --a------ C:\WINDOWS1\system32\dsound3d.dll
2007-01-29 23:50 1,230,336 --a------ C:\WINDOWS1\system32\msvidctl.dll
2007-01-29 23:50 1,189,888 --a------ C:\WINDOWS1\system32\dx8vb.dll
2007-01-29 23:50 1,177,600 --a------ C:\WINDOWS1\system32\d3d8.dll
2007-01-29 23:34 38,867 --------- C:\WINDOWS1\hpomdl03.dat
2007-01-29 23:34 29,227 --a------ C:\WINDOWS1\hpoins03.dat
2007-01-29 17:06 <DIR> d-------- C:\Programas\Ficheiros comuns\SpellEx
2007-01-29 17:03 <DIR> d-------- C:\WINDOWS1\system32\URTTEMP
2007-01-29 16:05 <DIR> dr--s---- C:\WINDOWS1\assembly
2007-01-29 16:03 <DIR> d-------- C:\WINDOWS1\Microsoft.NET
2007-01-29 15:40 49,536 --a------ C:\WINDOWS1\system32\drivers\tiehdusb.sys
2007-01-29 15:40 21,456 --a------ C:\WINDOWS1\system32\drivers\SilvrLnk.sys
2007-01-29 15:39 <DIR> d-------- C:\Programas\TI Education
2007-01-29 15:39 <DIR> d-------- C:\Programas\Ficheiros comuns\TI Shared
2007-01-29 15:26 <DIR> d-------- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2007-01-28 18:43 24,832 --a------ C:\WINDOWS1\system32\drivers\usbprint.sys
2007-01-28 18:42 24,960 --a------ C:\WINDOWS1\system32\drivers\usbccgp.sys
2007-01-28 18:42 182,880 --a------ C:\WINDOWS1\system32\iuengine.dll
2007-01-28 13:24 <DIR> d-------- C:\WINDOWS1\ShellNew
2007-01-27 18:36 53,248 --a------ C:\WINDOWS1\system32\ImageOle.dll
2007-01-27 18:36 <DIR> d-------- C:\Programas\Ocean Technology
2007-01-27 15:37 2,560 --a------ C:\WINDOWS1\system32\bitcometres.dll
2007-01-27 15:32 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\AdobeUM
2007-01-27 15:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Adobe Systems
2007-01-27 15:08 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\Adobe
2007-01-27 15:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Adobe
2007-01-27 13:16 94,424 --a------ C:\WINDOWS1\system32\drivers\aswmon2.sys
2007-01-27 13:16 85,952 --a------ C:\WINDOWS1\system32\drivers\aswmon.sys
2007-01-27 13:16 43,176 --a------ C:\WINDOWS1\system32\drivers\aswTdi.sys
2007-01-27 13:16 31,560 --a------ C:\WINDOWS1\system32\drivers\aavmker4.sys
2007-01-27 13:16 23,352 --a------ C:\WINDOWS1\system32\drivers\aswRdr.sys
2007-01-27 13:15 90,112 --a------ C:\WINDOWS1\system32\AVASTSS.scr
2007-01-27 13:15 689,280 --a------ C:\WINDOWS1\system32\aswBoot.exe
2007-01-27 13:15 499,712 --a------ C:\WINDOWS1\system32\MSVCP71.dll
2007-01-27 13:15 348,160 --a------ C:\WINDOWS1\system32\MSVCR71.dll
2007-01-27 13:15 1,060,864 --a------ C:\WINDOWS1\system32\MFC71.dll
2007-01-27 13:15 <DIR> d-------- C:\Programas\Alwil Software
2007-01-26 22:03 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Contacts
2007-01-26 22:02 <DIR> d----c--- C:\WINDOWS1\system32\DRVSTORE
2007-01-26 21:52 <DIR> d-------- C:\Programas\DAEMON Tools
2007-01-26 21:45 646,392 --a------ C:\WINDOWS1\system32\drivers\sptd.sys
2007-01-26 21:45 4,212 ---h----- C:\WINDOWS1\system32\zllictbl.dat
2007-01-26 21:44 75,512 --a------ C:\WINDOWS1\zllsputility.exe
2007-01-26 21:44 11,264 --a------ C:\WINDOWS1\system32\SpOrder.dll
2007-01-26 21:44 1,087,216 --a------ C:\WINDOWS1\system32\zpeng24.dll
2007-01-26 21:44 <DIR> d-------- C:\WINDOWS1\system32\ZoneLabs
2007-01-26 21:43 <DIR> d-------- C:\WINDOWS1\Internet Logs
2007-01-26 21:30 32,768 --a------ C:\DOCUME~1\ZE982B~1.NER\index.dat
2007-01-26 21:28 0 --a------ C:\WINDOWS1\nsreg.dat
2007-01-26 21:28 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\Talkback
2007-01-26 21:24 79,616 --a------ C:\WINDOWS1\system32\drivers\wdmaud.sys
2007-01-26 21:24 57,472 --a------ C:\WINDOWS1\system32\drivers\sysaudio.sys
2007-01-26 21:24 54,272 --a------ C:\WINDOWS1\system32\drivers\swmidi.sys
2007-01-26 21:24 50,048 --a------ C:\WINDOWS1\system32\drivers\DMusic.sys
2007-01-26 21:24 5,632 --a------ C:\WINDOWS1\system32\drivers\splitter.sys
2007-01-26 21:24 40,960 --a------ C:\WINDOWS1\system32\ChCfg.exe
2007-01-26 21:24 2,816 --a------ C:\WINDOWS1\system32\drivers\drmkaud.sys
2007-01-26 21:24 159,232 --a------ C:\WINDOWS1\system32\drivers\kmixer.sys
2007-01-26 21:24 122,472 --a------ C:\WINDOWS1\system32\drivers\aec.sys
2007-01-26 21:23 577,536 --a------ C:\WINDOWS1\soundman.exe
2007-01-26 21:23 57,344 --a------ C:\WINDOWS1\system32\drivers\drmk.sys
2007-01-26 21:23 307,200 --a------ C:\WINDOWS1\alcupd.exe
2007-01-26 21:23 3,842,560 -ra------ C:\WINDOWS1\system32\drivers\alcxwdm.sys
2007-01-26 21:23 217,088 --a------ C:\WINDOWS1\Alcrmv.exe
2007-01-26 21:23 135,168 --a------ C:\WINDOWS1\system32\RtlCPAPI.dll
2007-01-26 21:23 135,040 --a------ C:\WINDOWS1\system32\drivers\portcls.sys
2007-01-26 21:23 10,476,032 --a------ C:\WINDOWS1\system32\RTLCPL.exe
2007-01-26 21:22 167,936 -ra------ C:\WINDOWS1\system32\igfxres.dll
2007-01-26 21:22 102,400 -ra------ C:\WINDOWS1\system32\drivers\ianswxp.sys
2007-01-26 21:21 61,440 -ra------ C:\WINDOWS1\system32\iAlmCoIn_v3929.dll
2007-01-26 21:21 495,616 -ra------ C:\WINDOWS1\system32\ialmgdev.dll
2007-01-26 21:21 49,152 -ra------ C:\WINDOWS1\system32\ialmrem.dll
2007-01-26 21:21 36,864 -ra------ C:\WINDOWS1\system32\igfxexps.dll
2007-01-26 21:21 24,064 -ra------ C:\WINDOWS1\system32\IntelNic.dll
2007-01-26 21:21 2,289,664 -ra------ C:\WINDOWS1\system32\ialmgicd.dll
2007-01-26 21:21 145,408 -ra------ C:\WINDOWS1\system32\drivers\e100b325.sys
2007-01-26 21:21 12,288 -ra------ C:\WINDOWS1\system32\e100bmsg.dll
2007-01-26 21:21 118,784 -ra------ C:\WINDOWS1\system32\Prounstl.exe
2007-01-26 21:21 106,496 -ra------ C:\WINDOWS1\system32\igfxext.exe
2007-01-26 21:20 86,016 -ra------ C:\WINDOWS1\system32\igfxdo.dll
2007-01-26 21:20 770,107 -ra------ C:\WINDOWS1\system32\ialmdd5.dll
2007-01-26 21:20 752,093 -ra------ C:\WINDOWS1\system32\drivers\ialmnt5.sys
2007-01-26 21:20 495,616 -ra------ C:\WINDOWS1\system32\igfxcfg.exe
2007-01-26 21:20 45,056 -ra------ C:\WINDOWS1\system32\igfxdgps.dll
2007-01-26 21:20 38,463 -ra------ C:\WINDOWS1\system32\ialmrnt5.dll
2007-01-26 21:20 344,064 -ra------ C:\WINDOWS1\system32\igfxsrvc.dll
2007-01-26 21:20 225,280 -ra------ C:\WINDOWS1\system32\igfxpph.dll
2007-01-26 21:20 225,280 -ra------ C:\WINDOWS1\system32\igfxeud.dll
2007-01-26 21:20 155,648 -ra------ C:\WINDOWS1\system32\igfxtray.exe
2007-01-26 21:20 153,275 -ra------ C:\WINDOWS1\system32\ialmdev5.dll
2007-01-26 21:20 151,552 -ra------ C:\WINDOWS1\system32\igfxdiag.exe
2007-01-26 21:20 139,264 -ra------ C:\WINDOWS1\system32\igfxdev.dll
2007-01-26 21:20 126,976 -ra------ C:\WINDOWS1\system32\igfxhk.dll
2007-01-26 21:20 126,976 -ra------ C:\WINDOWS1\system32\hkcmd.exe
2007-01-26 21:20 118,784 -ra------ C:\WINDOWS1\system32\hccutils.dll
2007-01-26 21:20 114,688 -ra------ C:\WINDOWS1\system32\igfxzoom.exe
2007-01-26 21:20 101,436 -ra------ C:\WINDOWS1\system32\ialmdnt5.dll
2007-01-26 21:20 1,245,184 -ra------ C:\WINDOWS1\system32\igfxress.dll
2007-01-26 21:17 50,688 --a------ C:\WINDOWS1\system32\drivers\usbhub.sys
2007-01-26 21:17 18,944 --a------ C:\WINDOWS1\system32\drivers\usbuhci.sys
2007-01-26 21:17 123,264 --a------ C:\WINDOWS1\system32\drivers\usbport.sys
2007-01-26 21:16 86,656 --a------ C:\WINDOWS1\system32\drivers\atapi.sys
2007-01-26 21:16 70,144 --a------ C:\WINDOWS1\system32\usbui.dll
2007-01-26 21:16 63,104 --a------ C:\WINDOWS1\system32\drivers\pci.sys
2007-01-26 21:16 36,352 --a------ C:\WINDOWS1\system32\drivers\isapnp.sys
2007-01-26 21:16 3,456 --a------ C:\WINDOWS1\system32\drivers\pciide.sys
2007-01-26 21:16 23,680 --a------ C:\WINDOWS1\system32\drivers\pciidex.sys
2007-01-26 21:16 <DIR> d-------- C:\WINDOWS1\system32\ReinstallBackups
2007-01-26 21:14 552 --a------ C:\WINDOWS1\system32\d3d8caps.dat
2007-01-26 21:12 2,621,440 --ah----- C:\DOCUME~1\ZE982B~1.NER\NTUSER.DAT
2007-01-26 21:12 <DIR> dr------- C:\DOCUME~1\ZE982B~1.NER\Os meus documentos
2007-01-26 21:12 <DIR> dr------- C:\DOCUME~1\ZE982B~1.NER\Menu Iniciar
2007-01-26 21:12 <DIR> dr------- C:\DOCUME~1\ZE982B~1.NER\Favoritos
2007-01-26 21:12 <DIR> d--hs---- C:\WINDOWS1\Installer
2007-01-26 21:12 <DIR> d--h----- C:\DOCUME~1\ZE982B~1.NER\Modelos
2007-01-26 21:12 <DIR> d--h----- C:\DOCUME~1\ZE982B~1.NER\Defini‡äes locais
2007-01-26 21:12 <DIR> d-------- C:\DOCUME~1\ZE982B~1.NER\Ambiente de trabalho
2007-01-26 21:10 786,432 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
2007-01-26 21:10 <DIR> d--h----- C:\DOCUME~1\LOCALS~1.NTA\Defini‡äes locais
2007-01-26 21:10 <DIR> d-------- C:\WINDOWS1\Prefetch
2007-01-26 21:09 786,432 --ah----- C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT
2007-01-26 21:09 <DIR> d--h----- C:\DOCUME~1\NETWOR~1.NTA\Defini‡äes locais
2007-01-26 21:03 233,472 ---h----- C:\DOCUME~1\DEFAUL~1.WIN\NTUSER.DAT
2007-01-26 21:03 <DIR> d-------- C:\WINDOWS1\system32\xircom
2007-01-26 21:02 112,128 --a------ C:\WINDOWS1\system32\mapi32.dll
2007-01-26 21:01 <DIR> dr------- C:\WINDOWS1\Offline Web Pages
2007-01-26 21:01 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1.WIN\DRM
2007-01-26 21:01 <DIR> d---s---- C:\WINDOWS1\Downloaded Program Files
2007-01-26 21:00 90,624 --a------ C:\WINDOWS1\system32\msoert2.dll
2007-01-26 21:00 73,728 --a------ C:\WINDOWS1\system32\ils.dll
2007-01-26 21:00 70,400 --a------ C:\WINDOWS1\system32\drivers\sr.sys
2007-01-26 21:00 65,536 --a------ C:\WINDOWS1\system32\msconf.dll
2007-01-26 21:00 61,952 --a------ C:\WINDOWS1\system32\srclient.dll
2007-01-26 21:00 40,960 --a------ C:\WINDOWS1\system32\safrslv.dll
2007-01-26 21:00 39,424 --a------ C:\WINDOWS1\system32\safrcdlg.dll
2007-01-26 21:00 33,792 --a------ C:\WINDOWS1\system32\racpldlg.dll
2007-01-26 21:00 32,768 --a------
C:\WINDOWS1\system32\mnmsrvc.exe
2007-01-26 21:00 32,384 --a------ C:\WINDOWS1\system32\mnmdd.dll
2007-01-26 21:00 28,672 --a------ C:\WINDOWS1\system32\isrdbg32.dll
2007-01-26 21:00 26,624 --a------ C:\WINDOWS1\system32\safrdm.dll
2007-01-26 21:00 24,576 --a------ C:\WINDOWS1\system32\nmmkcert.dll
2007-01-26 21:00 220,672 --a------ C:\WINDOWS1\system32\srrstr.dll
2007-01-26 21:00 179,712 --a------ C:\WINDOWS1\system32\qmgr.dll
2007-01-26 21:00 17,408 --a------ C:\WINDOWS1\system32\qmgrprxy.dll
2007-01-26 21:00 155,648 --a------ C:\WINDOWS1\system32\srsvc.dll
2007-01-26 21:00 12,288 --a------ C:\WINDOWS1\system32\nmevtmsg.dll
2007-01-26 21:00 11,264 --a------ C:\WINDOWS1\system32\atrace.dll
2007-01-26 21:00 <DIR> d-------- C:\WINDOWS1\system32\Restore
2007-01-26 21:00 <DIR> d-------- C:\WINDOWS1\system32\Macromed
2007-01-26 21:00 <DIR> d-------- C:\WINDOWS1\system32\DirectX
2007-01-26 21:00 <DIR> d-------- C:\WINDOWS1\srchasst
2007-01-26 21:00 <DIR> d-------- C:\WINDOWS1\PCHEALTH
2007-01-26 20:59 9,728 --a------ C:\WINDOWS1\system32\mstinit.exe
2007-01-26 20:59 81,920 --a------ C:\WINDOWS1\system32\isign32.dll
2007-01-26 20:59 71,680 --a------ C:\WINDOWS1\system32\acctres.dll
2007-01-26 20:59 69,632 --a------ C:\WINDOWS1\system32\icwdial.dll
2007-01-26 20:59 61,440 --a------ C:\WINDOWS1\system32\icwphbk.dll
2007-01-26 20:59 593,920 --a------ C:\WINDOWS1\system32\inetcomm.dll
2007-01-26 20:59 49,664 --a------ C:\WINDOWS1\system32\inetres.dll
2007-01-26 20:59 274,432 --a------ C:\WINDOWS1\system32\inetcfg.dll
2007-01-26 20:59 254,464 --a------ C:\WINDOWS1\system32\mstask.dll
2007-01-26 20:59 228,864 --a------ C:\WINDOWS1\system32\msoeacct.dll
2007-01-26 20:59 21,924 --a------ C:\WINDOWS1\system32\emptyregdb.dat
2007-01-26 20:59 160,256 --a------ C:\WINDOWS1\system32\schedsvc.dll
2007-01-26 20:59 16,384 --a------ C:\WINDOWS1\system32\icfgnt5.dll
2007-01-26 20:59 <DIR> d---s---- C:\WINDOWS1\Tasks
2007-01-26 20:58 95,744 --a------ C:\WINDOWS1\system32\wuaueng.dll
2007-01-26 20:58 9,728 --a------ C:\WINDOWS1\system32\xolehlp.dll
2007-01-26 20:58 88,576 --a------ C:\WINDOWS1\system32\tscfgwmi.dll
2007-01-26 20:58 869,376 --a------ C:\WINDOWS1\system32\msdtctm.dll
2007-01-26 20:58 85,504 --a------ C:\WINDOWS1\system32\catsrvps.dll
2007-01-26 20:58 83,968 --a------ C:\WINDOWS1\system32\mtxoci.dll
2007-01-26 20:58 82,432 --a------ C:\WINDOWS1\system32\comrepl.dll
2007-01-26 20:58 81,408 --a------ C:\WINDOWS1\system32\charmap.exe
2007-01-26 20:58 8,704 --a------ C:\WINDOWS1\system32\icaapi.dll
2007-01-26 20:58 73,864 --a------ C:\WINDOWS1\system32\rdpwsx.dll
2007-01-26 20:58 73,216 --a------ C:\WINDOWS1\system32\avwav.dll
2007-01-26 20:58 685,568 --a------ C:\WINDOWS1\system32\getuname.dll
2007-01-26 20:58 61,952 --a------ C:\WINDOWS1\system32\rdshost.exe
2007-01-26 20:58 6,144 --a------ C:\WINDOWS1\system32\msdtc.exe
2007-01-26 20:58 583,168 --a------ C:\WINDOWS1\system32\catsrvut.dll
2007-01-26 20:58 57,344 --a------ C:\WINDOWS1\system32\sol.exe
2007-01-26 20:58 57,344 --a------ C:\WINDOWS1\system32\remotepg.dll
2007-01-26 20:58 56,832 --a------ C:\WINDOWS1\system32\colbact.dll
2007-01-26 20:58 55,296 --a------ C:\WINDOWS1\system32\freecell.exe
2007-01-26 20:58 54,784 --a------ C:\WINDOWS1\system32\msdtclog.dll
2007-01-26 20:58 54,272 --a------ C:\WINDOWS1\system32\stclient.dll
2007-01-26 20:58 534,528 --a------ C:\WINDOWS1\system32\spider.exe
2007-01-26 20:58 503,296 --a------ C:\WINDOWS1\system32\mstscax.dll
2007-01-26 20:58 5,632 --a------ C:\WINDOWS1\system32\write.exe
2007-01-26 20:58 5,120 --a------
C:\WINDOWS1\system32\dcomcnfg.exe
2007-01-26 20:58 496,128 --a------ C:\WINDOWS1\system32\hypertrm.dll
2007-01-26 20:58 495,616 --a------ C:\WINDOWS1\system32\comuid.dll
2007-01-26 20:58 468,480 --a------ C:\WINDOWS1\system32\clbcatq.dll
2007-01-26 20:58 44,544 --a------ C:\WINDOWS1\system32\hticons.dll
2007-01-26 20:58 41,984 --a------ C:\WINDOWS1\system32\rdpclip.exe
2007-01-26 20:58 40,448 --a------ C:\WINDOWS1\system32\tscupgrd.exe
2007-01-26 20:58 4,608 --a------ C:\WINDOWS1\system32\rdpcfgex.dll
2007-01-26 20:58 4,096 --a------ C:\WINDOWS1\system32\wuauserv.dll
2007-01-26 20:58 4,096 --a------ C:\WINDOWS1\system32\mtxex.dll
2007-01-26 20:58 388,096 --a------ C:\WINDOWS1\system32\mstsc.exe
2007-01-26 20:58 360,960 --a------ C:\WINDOWS1\system32\msdtcprx.dll
2007-01-26 20:58 35,328 --a------ C:\WINDOWS1\system32\winchat.exe
2007-01-26 20:58 343,040 --a------ C:\WINDOWS1\system32\mspaint.exe
2007-01-26 20:58 33,792 --a------ C:\WINDOWS1\system32\regini.exe
2007-01-26 20:58 33,280 --a------ C:\WINDOWS1\system32\cfgbkend.dll
2007-01-26 20:58 25,600 --a------ C:\WINDOWS1\system32\comaddin.dll
2007-01-26 20:58 25,088 --a------ C:\WINDOWS1\system32\mtxlegih.dll
2007-01-26 20:58 231,936 --a------ C:\WINDOWS1\system32\avtapi.dll
2007-01-26 20:58 22,528 --a------ C:\WINDOWS1\system32\qwinsta.exe
2007-01-26 20:58 22,528 --a------ C:\WINDOWS1\system32\msg.exe
2007-01-26 20:58 215,040 --a------ C:\WINDOWS1\system32\catsrv.dll
2007-01-26 20:58 200,192 --a------ C:\WINDOWS1\system32\termsrv.dll
2007-01-26 20:58 20,480 --a------ C:\WINDOWS1\system32\mtxdm.dll
2007-01-26 20:58 20,232 --a------ C:\WINDOWS1\system32\drivers\tdtcp.sys
2007-01-26 20:58 183,808 --a------ C:\WINDOWS1\system32\accwiz.exe
2007-01-26 20:58 18,944 --a------ C:\WINDOWS1\system32\qprocess.exe
2007-01-26 20:58 17,408 --a------ C:\WINDOWS1\system32\tsshutdn.exe
2007-01-26 20:58 17,408 --a------ C:\WINDOWS1\system32\qappsrv.exe
2007-01-26 20:58 16,384 --a------ C:\WINDOWS1\system32\tskill.exe
2007-01-26 20:58 16,384 --a------ C:\WINDOWS1\system32\rwinsta.exe
2007-01-26 20:58 16,384 --a------ C:\WINDOWS1\system32\avmeter.dll
2007-01-26 20:58 151,040 --a------ C:\WINDOWS1\system32\msdtcuiu.dll
2007-01-26 20:58 15,872 --a------ C:\WINDOWS1\system32\logoff.exe
2007-01-26 20:58 15,872 --a------ C:\WINDOWS1\system32\cdmodem.dll
2007-01-26 20:58 15,360 --a------ C:\WINDOWS1\system32\tscon.exe
2007-01-26 20:58 15,360 --a------ C:\WINDOWS1\system32\shadow.exe
2007-01-26 20:58 147,456 --a------ C:\WINDOWS1\system32\comsnap.dll
2007-01-26 20:58 14,848 --a------ C:\WINDOWS1\system32\tsdiscon.exe
2007-01-26 20:58 14,848 --a------ C:\WINDOWS1\system32\rdpsnd.dll
2007-01-26 20:58 139,776 --a------ C:\WINDOWS1\system32\sndvol32.exe
2007-01-26 20:58 134,656 --a------ C:\WINDOWS1\system32\rdchost.dll
2007-01-26 20:58 131,584 --a------ C:\WINDOWS1\system32\sessmgr.exe
2007-01-26 20:58 128,000 --a------ C:\WINDOWS1\system32\mshearts.exe
2007-01-26 20:58 125,440 --a------ C:\WINDOWS1\system32\sndrec32.exe
2007-01-26 20:58 12,288 --a------ C:\WINDOWS1\system32\rdsaddin.exe
2007-01-26 20:58 119,808 --a------ C:\WINDOWS1\system32\winmine.exe
2007-01-26 20:58 118,272 --a------ C:\WINDOWS1\system32\mplay32.exe
2007-01-26 20:58 115,200 --a------ C:\WINDOWS1\system32\calc.exe
2007-01-26 20:58 114,176 --a------ C:\WINDOWS1\system32\wuauclt.exe
2007-01-26 20:58 11,144 --a------ C:\WINDOWS1\system32\drivers\tdpipe.sys
2007-01-26 20:58 107,912 --a------ C:\WINDOWS1\system32\drivers\rdpwd.sys
2007-01-26 20:58 101,376 --a------ C:\WINDOWS1\system32\clipbrd.exe
2007-01-26 20:58 100,864 --a------ C:\WINDOWS1\system32\clbcatex.dll
2007-01-26 20:58 10,240 --a------ C:\WINDOWS1\system32\reset.exe
2007-01-26 20:58 1,251 --a------ C:\WINDOWS1\system32\usrlogon.cmd
2007-01-26 20:58 1,139,200 --a------ C:\WINDOWS1\system32\comsvcs.dll
2007-01-26 20:58 <DIR> d-------- C:\WINDOWS1\system32\MsDtc
2007-01-26 20:58 <DIR> d-------- C:\WINDOWS1\system32\Com
2007-01-26 20:58 <DIR> d-------- C:\WINDOWS1\Registration
2007-01-26 20:57 57,344 --a------ C:\WINDOWS1\system32\licwmi.dll
2007-01-26 20:57 53,248 --a------ C:\WINDOWS1\system32\servdeps.dll
2007-01-26 20:57 37,896 --a------ C:\WINDOWS1\system32\drivers\termdd.sys
2007-01-26 20:57 181,632 --a------ C:\WINDOWS1\system32\drivers\rdpdr.sys
2007-01-26 20:57 178,176 --a------ C:\WINDOWS1\system32\cmprops.dll
2007-01-26 20:57 16,384 --a------ C:\WINDOWS1\system32\mmfutil.dll
2007-01-26 20:53 3,072 --a------ C:\WINDOWS1\system32\drivers\audstub.sys
2007-01-26 20:52 56,960 --a------ C:\WINDOWS1\system32\drivers\redbook.sys
2007-01-26 20:48 9,936 --a------ C:\WINDOWS1\system\LZEXPAND.DLL
2007-01-26 20:48 9,163 --a------ C:\WINDOWS1\system\VER.DLL
2007-01-26 20:48 86,044 --a------ C:\WINDOWS1\system32\dgsetup.dll
2007-01-26 20:48 82,944 --a------ C:\WINDOWS1\system\OLECLI.DLL
2007-01-26 20:48 8,192 -ra------ C:\WINDOWS1\system32\kbdhept.dll
2007-01-26 20:48 72,192 --a------ C:\WINDOWS1\system32\storprop.dll
2007-01-26 20:48 70,352 --a------ C:\WINDOWS1\system\MMSYSTEM.DLL
2007-01-26 20:48 70,272 --a------ C:\WINDOWS1\system\AVICAP.DLL
2007-01-26 20:48 7,168 -ra------ C:\WINDOWS1\system32\kbdcz.dll
2007-01-26 20:48 67,584 --a------ C:\WINDOWS1\NOTEPAD.EXE
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\kbdycl.dll
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\kbdsl1.dll
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\kbdsl.dll
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\kbdpl.dll
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\kbdhu.dll
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\kbdhela3.dll
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\kbdcz2.dll
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\kbdcz1.dll
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\kbdcr.dll
2007-01-26 20:48 6,656 -ra------ C:\WINDOWS1\system32\KBDAL.DLL
2007-01-26 20:48 6,656 --a------ C:\WINDOWS1\system32\batt.dll
2007-01-26 20:48 6,144 -ra------ C:\WINDOWS1\system32\kbdtuq.dll
2007-01-26 20:48 6,144 -ra------ C:\WINDOWS1\system32\kbdtuf.dll
2007-01-26 20:48 6,144 -ra------ C:\WINDOWS1\system32\kbdlv1.dll
2007-01-26 20:48 6,144 -ra------ C:\WINDOWS1\system32\kbdlv.dll
2007-01-26 20:48 6,144 -ra------ C:\WINDOWS1\system32\kbdhela2.dll
2007-01-26 20:48 6,144 -ra------ C:\WINDOWS1\system32\kbdgkl.dll
2007-01-26 20:48 6,144 -ra------ C:\WINDOWS1\system32\kbdest.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdro.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdpl1.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdmon.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdlt1.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdlt.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdkyr.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdhu1.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdhe319.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdhe220.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdhe.dll
2007-01-26 20:48 5,632 -ra------ C:\WINDOWS1\system32\kbdazel.dll
2007-01-26 20:48 5,120 --a------ C:\WINDOWS1\system\SHELL.DLL
2007-01-26 20:48 33,888 --a------ C:\WINDOWS1\system\COMMDLG.DLL
2007-01-26 20:48 24,661 --a------ C:\WINDOWS1\system32\spxcoins.dll
2007-01-26 20:48 24,064 --a------ C:\WINDOWS1\system\OLESVR.DLL
2007-01-26 20:48 19,200 --a------ C:\WINDOWS1\system\TAPI.DLL
2007-01-26 20:48 176,157 --a------ C:\WINDOWS1\system32\dgrpsetu.dll
2007-01-26 20:48 15,872 --a------ C:\WINDOWS1\TASKMAN.EXE
2007-01-26 20:48 13,312 --a------ C:\WINDOWS1\system32\irclass.dll
2007-01-26 20:48 127,168 --a------ C:\WINDOWS1\system\MSVIDEO.DLL
2007-01-26 20:48 109,536 --a------ C:\WINDOWS1\system\AVIFILE.DLL
2007-01-26 20:48 103,424 --a------ C:\WINDOWS1\system32\EqnClass.Dll
2007-01-26 20:48 10,496 --a------ C:\WINDOWS1\system32\drivers\irenum.sys
2007-01-26 20:48 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1.WIN\Defini‡äes locais
2007-01-26 20:48 <DIR> dr------- C:\DOCUME~1\DEFAUL~1.WIN\Menu Iniciar
2007-01-26 20:48 <DIR> dr------- C:\DOCUME~1\ALLUSE~1.WIN\Menu Iniciar
2007-01-26 20:48 <DIR> dr------- C:\DOCUME~1\ALLUSE~1.WIN\Documentos
2007-01-26 20:48 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1.WIN\Modelos
2007-01-26 20:48 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1.WIN\Modelos
2007-01-26 20:48 <DIR> d-------- C:\DOCUME~1\DEFAUL~1.WIN\Os meus documentos
2007-01-26 20:48 <DIR> d-------- C:\DOCUME~1\DEFAUL~1.WIN\Favoritos
2007-01-26 20:48 <DIR> d-------- C:\DOCUME~1\DEFAUL~1.WIN\Ambiente de trabalho
2007-01-26 20:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Favoritos
2007-01-26 20:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Ambiente de trabalho
2007-01-26 20:47 <DIR> d-------- C:\WINDOWS1\system32\CatRoot2
2007-01-26 20:47 <DIR> d-------- C:\WINDOWS1\system32\CatRoot
2007-01-26 20:42 <DIR> dr-hsc--- C:\WINDOWS1\system32\dllcache
2007-01-26 20:42 <DIR> dr--s---- C:\WINDOWS1\Fonts
2007-01-26 20:42 <DIR> dr------- C:\WINDOWS1\Web
2007-01-26 20:42 <DIR> d--h----- C:\WINDOWS1\inf
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\WinSxS
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\twain_32
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\wins
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\wbem
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\usmt
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\spool
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\ShellExt
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\Setup
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\ras
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\oobe
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\npp
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\mui
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\inetsrv
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\IME
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\icsxml
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\ias
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\export
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\drivers\etc
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\drivers\disdn
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\drivers
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\dhcp
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\config
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\3com_dmi
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\3076
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\2070
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\2052
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\1054
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\1042
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\1041
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\1037
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\1033
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\1031
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\1028
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32\1025
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system32
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\system
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\security
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\Resources
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\repair
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\mui
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\msapps
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\msagent
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\Media
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\java
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\ime
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\Help
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\Driver Cache
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\Debug
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\Cursors
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\Connection Wizard
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\Config
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\AppPatch
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1\addins
2007-01-26 20:42 <DIR> d-------- C:\WINDOWS1
2007-01-26 14:40 <DIR> d-------- C:\Programas\SmartFTP
2007-01-25 15:06 <DIR> d-------- C:\DOCUME~1\Ze\Application Data\AdobeUM
2007-01-25 15:02 <DIR> d-------- C:\Programas\Ficheiros comuns\Adobe Systems Shared
2007-01-25 15:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-01-24 22:55 <DIR> d-------- C:\Programas\D-Tools
2007-01-24 21:41 <DIR> d-------- C:\DOCUME~1\Ze\Application Data\Adobe
2007-01-24 21:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-24 21:35 <DIR> d-------- C:\Programas\Ficheiros comuns\Adobe
2007-01-24 20:20 <DIR> d-------- C:\$WIN_NT$.~BT
2007-01-21 12:14 19,944 --a------ C:\DOCUME~1\Ze\Application Data\GDIPFONTCACHEV1.DAT
2007-01-20 23:54 <DIR> d-------- C:\Programas\XP Codec Pack
2007-01-20 22:08 <DIR> d-------- C:\Downloads
2007-01-20 22:06 <DIR> d-------- C:\Programas\BitComet Acceleration Patch
2007-01-20 22:03 <DIR> d-------- C:\Programas\BitComet
2007-01-20 18:04 <DIR> d-------- C:\Programas\Return to Castle Wolfenstein
2007-01-20 14:08 <DIR> d-------- C:\Programas\Gadu-Gadu
2007-01-20 14:08 <DIR> d-------- C:\DOCUME~1\Ze\Gadu-Gadu
2007-01-19 21:50 <DIR> d-------- C:\DOCUME~1\Ze\Application Data\Help
2007-01-19 21:47 <DIR> d-------- C:\DOCUME~1\Ze\Application Data\Jasc
2007-01-19 21:42 <DIR> d-------- C:\Programas\Jasc Software Inc
2007-01-19 12:53 51,056 --a------ C:\WINDOWS1\system32\sirenacm.dll
2007-01-17 18:09 <DIR> d-------- C:\Programas\Power Translator
2007-01-16 19:33 <DIR> d-------- C:\Programas\Miranda IM
2007-01-15 22:12 <DIR> d-------- C:\UnrealTournament
2007-01-12 21:45 <DIR> d-------- C:\etmin
2007-01-12 21:23 <DIR> d-------- C:\Programas\The All-Seeing Eye
2007-01-12 21:19 <DIR> d-------- C:\Programas\Wolfenstein - Enemy Territory
2007-01-12 15:00 <DIR> d-------- C:\Programas\Overland
2007-01-10 23:23 <DIR> d-------- C:\Programas\Ficheiros comuns\Hewlett-Packard
2007-01-10 23:16 <DIR> d-------- C:\Programas\Ficheiros comuns\HP
2007-01-10 22:50 <DIR> d-------- C:\Programas\HP
2007-01-10 22:41 <DIR> d-------- C:\WUTemp
2007-01-10 19:45 <DIR> d-------- C:\Programas\xpam
2007-01-10 16:19 <DIR> d-------- C:\Programas\Teamspeak2_RC2
2007-01-10 16:19 <DIR> d-------- C:\DOCUME~1\Ze\Application Data\teamspeak2
2007-01-09 21:04 <DIR> d--hs---- C:\RECYCLER
2007-01-09 17:57 <DIR> d-------- C:\Programas\eMule
2007-01-08 17:16 <DIR> d-------- C:\Programas\Hide IP Platinum
2007-01-07 17:24 <DIR> d-------- C:\Programas\AWC
2007-01-07 16:02 <DIR> d-------- C:\TopazChat
2007-01-07 14:44 <DIR> d-------- C:\Programas\Warcraft III
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-07 12:41 -------- d-------- C:\Programas\mozilla firefox
2007-02-05 17:49 -------- d-------- C:\Programas\msn messenger
2007-02-05 00:29 -------- d---s---- C:\DOCUME~1\ZE982B~1.NER\Application Data\microsoft
2007-01-30 15:53 -------- d--h----- C:\Programas\installshield installation information
2007-01-30 15:51 -------- d-------- C:\Programas\Ficheiros comuns\installshield
2007-01-29 17:14 73246 --a------ C:\WINDOWS1\system32\perfc016.dat
2007-01-29 17:14 448002 --a------ C:\WINDOWS1\system32\perfh016.dat
2007-01-28 18:44 -------- d--h----- C:\Programas\windowsupdate
2007-01-26 21:31 -------- d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\macromedia
2007-01-26 21:27 -------- d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\mozilla
2007-01-26 21:23 -------- d-------- C:\Programas\realtek ac97
2007-01-26 21:23 -------- d-------- C:\Programas\avrack
2007-01-26 21:12 -------- d-------- C:\Programas\messenger
2007-01-26 21:12 -------- d-------- C:\DOCUME~1\ZE982B~1.NER\Application Data\identities
2007-01-26 20:48 62 --ahs---- C:\DOCUME~1\ZE982B~1.NER\Application Data\desktop.ini
2007-01-06 22:16 -------- d-------- C:\Programas\realtek sound manager
2007-01-06 22:15 -------- d-------- C:\Programas\intel
2007-01-06 21:57 -------- d-------- C:\Programas\microsoft
frontpage
2007-01-06 21:56 0 -rahs---- C:\MSDOS.SYS
2007-01-06 21:56 0 -rahs---- C:\IO.SYS
2007-01-06 21:56 0 --a------ C:\CONFIG.SYS
2007-01-06 21:56 0 --a------ C:\AUTOEXEC.BAT
2007-01-06 21:55 -------- d-------- C:\Programas\servi‡os online
2007-01-06 21:54 -------- d-------- C:\Programas\movie maker
2007-01-06 21:54 -------- d-------- C:\Programas\Ficheiros comuns\mssoap
2007-01-06 21:52 -------- d-------- C:\Programas\windows nt
2007-01-06 21:52 -------- d-------- C:\Programas\msn gaming zone
2007-01-06 21:45 -------- d-------- C:\Programas\Ficheiros comuns\speechengines
2007-01-06 21:45 -------- d-------- C:\Programas\Ficheiros comuns\odbc
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DAEMON Tools"="\"C:\\Programas\\DAEMON Tools\\daemon.exe\" -lang 1033"
"MsnMsgr"="\"C:\\Programas\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SpybotSD TeaTimer"="C:\\Programas\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS1\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS1\\System32\\hkcmd.exe"
"PRONoMgr.exe"="C:\\Programas\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"SoundMan"="SOUNDMAN.EXE"
"ZoneAlarm Client"="\"C:\\Programas\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Acrobat Assistant 7.0"="\"C:\\Programas\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"HP Software Update"="\"C:\\Programas\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Programas\\HP\\hpcoretech\\hpcmpmgr.exe\""
"SunJavaUpdateSched"="\"C:\\Programas\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Programas\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Programas\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"WinampAgent"="C:\\Programas\\Winamp\\winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS1\tasks\WebReg 20070131173958.job
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-07 12:51:10
C:\Programas\DAEMON Tools\daemon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Ze.NERY\Ambiente de trabalho\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programas\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS1\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS1\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
Sorry for making 4 replies in a row, but I wasn't able to put all in 1. (too many chars).
Regards,
Nery.
Reply #19 (above this one) is a mistake, sorry.
Logfile of HijackThis v1.99.1
Scan saved at 12:53:14, on 07-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\igfxtray.exe
C:\WINDOWS1\System32\hkcmd.exe
C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS1\SOUNDMAN.EXE
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\HP\HP Software Update\HPWuSchd.exe
C:\Programas\HP\hpcoretech\hpcmpmgr.exe
C:\Programas\Java\jre1.5.0_10\bin\jusched.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\Winamp\winampa.exe
C:\Programas\DAEMON Tools\daemon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\System32\svchost.exe
C:\Programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Ze.NERY\Ambiente de trabalho\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programas\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS1\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS1\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_10\bin\ssv.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS1\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS1\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
regards :)
teacup61
2007-02-07, 14:25
Hello,
Please turn on Windows Automatic Updates and let it download and install all the updates you said you couldn't get from the MS site. :) This sure will help.
How is it running?
Thanks!
tea
Ok I'm downloading some updates...shall I also update to SP2?
I still receive those annoying messages...let's see if after downloading all those new updates (except sp2, right?) they'll dissapear or not.
thx.
teacup61
2007-02-07, 20:43
(except sp2, right?) Right :bigthumb:
Hello, teacup61!
... after installing 80% of the new updates, I didn't get that annoying msg anymore ;)
maybe it's too soon to take conclusions, BUT ... my problem is solved, I think!
If I get this msgs again, I'll send you a PM, so you can open this thread again etc etc :laugh:
but if I don't get, I wanna thank you for all! Great work mate, really thanks for all. See you around ;)
You can close the thread now :)
Regards,
Nery.
:bigthumb: