
hijackthis.exe not a valid win32 file



yohanleafheart
2008-03-20, 15:42
Hello everyone. Suddenly my avast on my Windows XP SP2 stopped working; realizing that it is possibly a virus, I tried to run HijackThis to get a log. That failed with the message given above. So I logged on to my Windows Vista install and ran it from there. Found 10 files infected with the dreaded Beagle (that's what I get for giving admin access to my younger brother, lesson learned).

After removing them I came back to XP to try to re-run HijackThis, same message. Searching the intrawebs I found this thread here (http://forums.spybot.info/showthread.php?t=24935) and followed part of its advice: ran ComboFix and HJT after it (yeah, it worked). The logs are just below. Am I in the clear, or not yet? And can I reinstall avast? It's not working anymore.

On a side note, when I try to boot into Safe Mode I get a message about "sptd.sys not loading" and it reboots automatically. Is this thanks to Beagle, or another problem?

yohanleafheart
2008-03-20, 15:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:18, on 20/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sol\Desktop\This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Arquivos de programas\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186091684473
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEDF4C5F-784D-421C-8811-B7E93E12A747}: NameServer = 208.67.222.222,208.67.220.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7620 bytes

yohanleafheart
2008-03-20, 15:45
ComboFix 08-03-18.1 - Sol 2008-03-20 9:52:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1644 [GMT -3:00]
Running from: C:\Documents and Settings\Sol\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\101750.exe
C:\WINDOWS\system32\drivers\down\102968.exe
C:\WINDOWS\system32\drivers\down\105703.exe
C:\WINDOWS\system32\drivers\down\107203.exe
C:\WINDOWS\system32\drivers\down\108515.exe
C:\WINDOWS\system32\drivers\down\109484.exe
C:\WINDOWS\system32\drivers\down\111015.exe
C:\WINDOWS\system32\drivers\down\112765.exe
C:\WINDOWS\system32\drivers\down\113406.exe
C:\WINDOWS\system32\drivers\down\114031.exe
C:\WINDOWS\system32\drivers\down\11592921.exe
C:\WINDOWS\system32\drivers\down\11594968.exe
C:\WINDOWS\system32\drivers\down\11602375.exe
C:\WINDOWS\system32\drivers\down\11607906.exe
C:\WINDOWS\system32\drivers\down\11655640.exe
C:\WINDOWS\system32\drivers\down\116562.exe
C:\WINDOWS\system32\drivers\down\11660453.exe
C:\WINDOWS\system32\drivers\down\11674000.exe
C:\WINDOWS\system32\drivers\down\11684328.exe
C:\WINDOWS\system32\drivers\down\11692093.exe
C:\WINDOWS\system32\drivers\down\11702140.exe
C:\WINDOWS\system32\drivers\down\11704156.exe
C:\WINDOWS\system32\drivers\down\11708609.exe
C:\WINDOWS\system32\drivers\down\11714421.exe
C:\WINDOWS\system32\drivers\down\11734796.exe
C:\WINDOWS\system32\drivers\down\11736296.exe
C:\WINDOWS\system32\drivers\down\11739093.exe
C:\WINDOWS\system32\drivers\down\117406.exe
C:\WINDOWS\system32\drivers\down\118843.exe
C:\WINDOWS\system32\drivers\down\119343.exe
C:\WINDOWS\system32\drivers\down\119703.exe
C:\WINDOWS\system32\drivers\down\119937.exe
C:\WINDOWS\system32\drivers\down\121484.exe
C:\WINDOWS\system32\drivers\down\124828.exe
C:\WINDOWS\system32\drivers\down\125468.exe
C:\WINDOWS\system32\drivers\down\126671.exe
C:\WINDOWS\system32\drivers\down\127125.exe
C:\WINDOWS\system32\drivers\down\128656.exe
C:\WINDOWS\system32\drivers\down\131812.exe
C:\WINDOWS\system32\drivers\down\132046.exe
C:\WINDOWS\system32\drivers\down\132625.exe
C:\WINDOWS\system32\drivers\down\133640.exe
C:\WINDOWS\system32\drivers\down\137812.exe
C:\WINDOWS\system32\drivers\down\141843.exe
C:\WINDOWS\system32\drivers\down\143468.exe
C:\WINDOWS\system32\drivers\down\145328.exe
C:\WINDOWS\system32\drivers\down\145359.exe
C:\WINDOWS\system32\drivers\down\147078.exe
C:\WINDOWS\system32\drivers\down\14740625.exe
C:\WINDOWS\system32\drivers\down\14742359.exe
C:\WINDOWS\system32\drivers\down\14750546.exe
C:\WINDOWS\system32\drivers\down\14750812.exe
C:\WINDOWS\system32\drivers\down\14756187.exe
C:\WINDOWS\system32\drivers\down\14766515.exe
C:\WINDOWS\system32\drivers\down\14771078.exe
C:\WINDOWS\system32\drivers\down\14788406.exe
C:\WINDOWS\system32\drivers\down\14795281.exe
C:\WINDOWS\system32\drivers\down\14803453.exe
C:\WINDOWS\system32\drivers\down\14816562.exe
C:\WINDOWS\system32\drivers\down\148171.exe
C:\WINDOWS\system32\drivers\down\14817468.exe
C:\WINDOWS\system32\drivers\down\14821453.exe
C:\WINDOWS\system32\drivers\down\14848546.exe
C:\WINDOWS\system32\drivers\down\14868765.exe
C:\WINDOWS\system32\drivers\down\14870453.exe
C:\WINDOWS\system32\drivers\down\14873281.exe
C:\WINDOWS\system32\drivers\down\14893203.exe
C:\WINDOWS\system32\drivers\down\14895625.exe
C:\WINDOWS\system32\drivers\down\14898921.exe
C:\WINDOWS\system32\drivers\down\14901828.exe
C:\WINDOWS\system32\drivers\down\14906921.exe
C:\WINDOWS\system32\drivers\down\14908984.exe
C:\WINDOWS\system32\drivers\down\14917953.exe
C:\WINDOWS\system32\drivers\down\14948968.exe
C:\WINDOWS\system32\drivers\down\14957312.exe
C:\WINDOWS\system32\drivers\down\14957609.exe
C:\WINDOWS\system32\drivers\down\14962984.exe
C:\WINDOWS\system32\drivers\down\14971421.exe
C:\WINDOWS\system32\drivers\down\14976171.exe
C:\WINDOWS\system32\drivers\down\14977671.exe
C:\WINDOWS\system32\drivers\down\152406.exe
C:\WINDOWS\system32\drivers\down\156671.exe
C:\WINDOWS\system32\drivers\down\159984.exe
C:\WINDOWS\system32\drivers\down\161203.exe
C:\WINDOWS\system32\drivers\down\162015.exe
C:\WINDOWS\system32\drivers\down\168828.exe
C:\WINDOWS\system32\drivers\down\170609.exe
C:\WINDOWS\system32\drivers\down\172312.exe
C:\WINDOWS\system32\drivers\down\172609.exe
C:\WINDOWS\system32\drivers\down\176484.exe
C:\WINDOWS\system32\drivers\down\176687.exe
C:\WINDOWS\system32\drivers\down\180203.exe
C:\WINDOWS\system32\drivers\down\181953.exe
C:\WINDOWS\system32\drivers\down\182921.exe
C:\WINDOWS\system32\drivers\down\186750.exe
C:\WINDOWS\system32\drivers\down\188078.exe
C:\WINDOWS\system32\drivers\down\188875.exe
C:\WINDOWS\system32\drivers\down\193015.exe
C:\WINDOWS\system32\drivers\down\194546.exe
C:\WINDOWS\system32\drivers\down\196578.exe
C:\WINDOWS\system32\drivers\down\198140.exe
C:\WINDOWS\system32\drivers\down\200640.exe
C:\WINDOWS\system32\drivers\down\202171.exe
C:\WINDOWS\system32\drivers\down\203781.exe
C:\WINDOWS\system32\drivers\down\206250.exe
C:\WINDOWS\system32\drivers\down\206453.exe
C:\WINDOWS\system32\drivers\down\211234.exe
C:\WINDOWS\system32\drivers\down\214484.exe
C:\WINDOWS\system32\drivers\down\215718.exe
C:\WINDOWS\system32\drivers\down\217187.exe
C:\WINDOWS\system32\drivers\down\217437.exe
C:\WINDOWS\system32\drivers\down\219296.exe
C:\WINDOWS\system32\drivers\down\220093.exe
C:\WINDOWS\system32\drivers\down\220921.exe
C:\WINDOWS\system32\drivers\down\222421.exe
C:\WINDOWS\system32\drivers\down\224328.exe
C:\WINDOWS\system32\drivers\down\224859.exe
C:\WINDOWS\system32\drivers\down\224906.exe
C:\WINDOWS\system32\drivers\down\225093.exe
C:\WINDOWS\system32\drivers\down\225718.exe
C:\WINDOWS\system32\drivers\down\227015.exe
C:\WINDOWS\system32\drivers\down\227234.exe
C:\WINDOWS\system32\drivers\down\227859.exe
C:\WINDOWS\system32\drivers\down\228187.exe
C:\WINDOWS\system32\drivers\down\229812.exe
C:\WINDOWS\system32\drivers\down\229843.exe
C:\WINDOWS\system32\drivers\down\230031.exe
C:\WINDOWS\system32\drivers\down\231843.exe
C:\WINDOWS\system32\drivers\down\232062.exe
C:\WINDOWS\system32\drivers\down\233296.exe
C:\WINDOWS\system32\drivers\down\235796.exe
C:\WINDOWS\system32\drivers\down\235859.exe
C:\WINDOWS\system32\drivers\down\236500.exe
C:\WINDOWS\system32\drivers\down\237609.exe
C:\WINDOWS\system32\drivers\down\238281.exe
C:\WINDOWS\system32\drivers\down\238437.exe
C:\WINDOWS\system32\drivers\down\238828.exe
C:\WINDOWS\system32\drivers\down\239812.exe
C:\WINDOWS\system32\drivers\down\240718.exe
C:\WINDOWS\system32\drivers\down\241828.exe
C:\WINDOWS\system32\drivers\down\243937.exe
C:\WINDOWS\system32\drivers\down\244140.exe
C:\WINDOWS\system32\drivers\down\246000.exe
C:\WINDOWS\system32\drivers\down\247906.exe
C:\WINDOWS\system32\drivers\down\250296.exe
C:\WINDOWS\system32\drivers\down\252390.exe
C:\WINDOWS\system32\drivers\down\254609.exe
C:\WINDOWS\system32\drivers\down\261515.exe
C:\WINDOWS\system32\drivers\down\266968.exe
C:\WINDOWS\system32\drivers\down\271562.exe
C:\WINDOWS\system32\drivers\down\280250.exe
C:\WINDOWS\system32\drivers\down\284656.exe
C:\WINDOWS\system32\drivers\down\287515.exe
C:\WINDOWS\system32\drivers\down\288421.exe
C:\WINDOWS\system32\drivers\down\289843.exe
C:\WINDOWS\system32\drivers\down\293453.exe
C:\WINDOWS\system32\drivers\down\297390.exe
C:\WINDOWS\system32\drivers\down\302062.exe
C:\WINDOWS\system32\drivers\down\305906.exe
C:\WINDOWS\system32\drivers\down\306718.exe
C:\WINDOWS\system32\drivers\down\307671.exe
C:\WINDOWS\system32\drivers\down\308093.exe
C:\WINDOWS\system32\drivers\down\309796.exe
C:\WINDOWS\system32\drivers\down\313593.exe
C:\WINDOWS\system32\drivers\down\313890.exe
C:\WINDOWS\system32\drivers\down\314718.exe
C:\WINDOWS\system32\drivers\down\319234.exe
C:\WINDOWS\system32\drivers\down\319984.exe
C:\WINDOWS\system32\drivers\down\328640.exe
C:\WINDOWS\system32\drivers\down\333812.exe
C:\WINDOWS\system32\drivers\down\335359.exe
C:\WINDOWS\system32\drivers\down\337390.exe
C:\WINDOWS\system32\drivers\down\338890.exe
C:\WINDOWS\system32\drivers\down\341343.exe
C:\WINDOWS\system32\drivers\down\346687.exe
C:\WINDOWS\system32\drivers\down\348875.exe
C:\WINDOWS\system32\drivers\down\351546.exe
C:\WINDOWS\system32\drivers\down\353390.exe
C:\WINDOWS\system32\drivers\down\359328.exe
C:\WINDOWS\system32\drivers\down\361296.exe
C:\WINDOWS\system32\drivers\down\370312.exe
C:\WINDOWS\system32\drivers\down\86343.exe
C:\WINDOWS\system32\drivers\down\88343.exe
C:\WINDOWS\system32\drivers\down\96343.exe
C:\WINDOWS\system32\drivers\down\97187.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))
.

2008-03-19 16:44 . 2008-03-19 16:44 176,768 --a------ C:\Temp\FxBeagle.exe
2008-03-16 17:28 . 1998-06-24 00:00 609,584 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-03-16 17:28 . 1998-06-24 00:00 203,576 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-03-16 17:17 . 2008-03-16 17:20 <DIR> d-------- C:\Arquivos de programas\UM Software Lab
2008-03-15 23:58 . 2008-03-16 00:31 <DIR> d-------- C:\Documents and Settings\Sol\Dados de aplicativos\Gizmo5
2008-03-15 23:55 . 2008-03-16 00:10 <DIR> d-------- C:\Documents and Settings\Juan\Dados de aplicativos\Gizmo5
2008-03-15 13:46 . 2008-03-15 20:27 <DIR> d-------- C:\Temp\Fedora-8-dvd-x86_64
2008-03-12 17:40 . 2008-03-12 17:40 <DIR> d-------- C:\Arquivos de programas\DekovSoft
2008-03-12 17:34 . 2008-03-12 17:34 <DIR> d-------- C:\WINDOWS\Problems
2008-03-12 17:34 . 2008-03-12 17:34 3,120 --a------ C:\WINDOWS\Y8CAEBJ5.ocx
2008-03-12 17:34 . 2008-03-12 17:34 3,120 --a------ C:\WINDOWS\system32\I9EYCMH4.ocx
2008-03-12 17:34 . 2008-03-12 17:39 6 --a------ C:\WINDOWS\WinPAT.dat
2008-03-10 10:01 . 2008-03-10 10:01 <DIR> d-------- C:\Documents and Settings\Juan\Dados de aplicativos\DivX
2008-03-06 19:03 . 2008-03-06 19:03 <DIR> d-------- C:\cps_rio_07_files
2008-03-06 19:03 . 2008-03-06 19:03 5,624 --a------ C:\cps_rio_07.htm
2008-03-06 18:00 . 2008-03-17 20:47 <DIR> d-------- C:\Documents and Settings\Juan\Dados de aplicativos\OpenOffice.org2
2008-03-05 17:16 . 2008-03-05 17:16 <DIR> d-------- C:\Documents and Settings\Juan\Dados de aplicativos\AdobeUM
2008-03-05 16:19 . 2008-03-05 16:19 <DIR> d-------- C:\Documents and Settings\Juan\Dados de aplicativos\vlc
2008-03-05 16:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-05 16:16 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-05 16:16 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-04 20:49 . 2008-03-04 20:50 <DIR> d-------- C:\Arquivos de programas\WikiMonitor
2008-03-04 20:20 . 2008-03-04 20:20 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-03-04 20:20 . 2008-03-04 20:20 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-03-04 20:19 . 2008-03-04 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-03-04 19:09 . 2008-03-05 20:45 <DIR> d-------- C:\Documents and Settings\Juan\Dados de aplicativos\uTorrent
2008-03-02 12:27 . 2008-03-02 12:27 <DIR> d---s---- C:\Documents and Settings\Juan\UserData
2008-03-02 12:07 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-03-02 12:07 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-03-02 12:06 . 1998-10-02 20:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-02-29 13:50 . 2008-03-02 12:09 <DIR> d-------- C:\Documents and Settings\Juan\Dados de aplicativos\Winamp
2008-02-29 13:49 . 2008-03-02 11:58 <DIR> d-------- C:\Documents and Settings\Juan\Contacts
2008-02-29 13:46 . 2007-08-02 18:26 <DIR> d--h----- C:\Documents and Settings\Juan\Modelos
2008-02-29 13:46 . 2008-03-04 19:10 <DIR> dr------- C:\Documents and Settings\Juan\Meus documentos
2008-02-29 13:46 . 2007-08-02 15:18 <DIR> dr------- C:\Documents and Settings\Juan\Menu Iniciar
2008-02-29 13:46 . 2008-02-29 13:47 <DIR> dr------- C:\Documents and Settings\Juan\Favoritos
2008-02-29 13:46 . 2008-03-15 23:55 <DIR> dr-h----- C:\Documents and Settings\Juan\Dados de aplicativos
2008-02-29 13:46 . 2008-03-20 09:54 <DIR> d--h----- C:\Documents and Settings\Juan\Configurações locais
2008-02-29 13:46 . 2008-03-05 18:25 <DIR> d--h----- C:\Documents and Settings\Juan\Ambiente de rede
2008-02-29 13:46 . 2007-08-02 15:18 <DIR> d--h----- C:\Documents and Settings\Juan\Ambiente de impressão
2008-02-29 13:46 . 2004-08-03 21:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-28 18:01 . 2008-02-28 18:01 <DIR> d-------- C:\Temp\Sam Kininger - Funk is as funk does (feat. Fred Wesley + members of Soulive an Lettuce)
2008-02-25 21:45 . 2008-02-25 22:01 <DIR> d-------- C:\Temp\HD Juan
2008-02-24 22:24 . 2008-02-24 22:55 <DIR> d-------- C:\Documents and Settings\Sol\Dados de aplicativos\Notepad++
2008-02-24 22:24 . 2008-02-24 22:24 <DIR> d-------- C:\Arquivos de programas\Notepad++
2008-02-22 00:15 . 2008-02-22 00:15 <DIR> d-------- C:\Temp\Overtures - The Greatest Hits

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 00:59 --------- d-----w C:\Arquivos de programas\eMule
2008-03-15 19:51 --------- d-----w C:\Documents and Settings\Sol\Dados de aplicativos\uTorrent
2008-03-15 16:48 --------- d-----w C:\Arquivos de programas\Java
2008-03-15 05:39 --------- d-----w C:\Documents and Settings\Sol\Dados de aplicativos\.purple
2008-03-15 03:38 --------- d-----w C:\Documents and Settings\Sol\Dados de aplicativos\Winamp
2008-03-14 21:44 --------- d-----w C:\Arquivos de programas\Winamp
2008-03-13 00:05 --------- d-----w C:\Documents and Settings\Sol\Dados de aplicativos\OpenOffice.org2
2008-03-10 13:29 --------- d-----w C:\Documents and Settings\Lego\Dados de aplicativos\OpenOffice.org2
2008-03-07 23:35 --------- d-----w C:\Documents and Settings\Sol\Dados de aplicativos\gtk-2.0
2008-03-04 23:21 --------- d-----w C:\Arquivos de programas\MSN Messenger
2008-02-29 17:01 --------- d-----w C:\Arquivos de programas\Skype
2008-02-27 01:18 --------- d-----w C:\Documents and Settings\Sol\Dados de aplicativos\Skype
2008-02-15 22:00 --------- d-----w C:\Arquivos de programas\Pidgin
2008-02-15 22:00 --------- d-----w C:\Arquivos de programas\Aspell
2008-02-15 21:59 --------- d-----w C:\Arquivos de programas\Arquivos comuns\GTK
2008-02-13 04:15 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-01-31 00:36 --------- d-----w C:\Documents and Settings\Sol\Dados de aplicativos\Media Player Classic
2008-01-31 00:35 --------- d-----w C:\Arquivos de programas\Combined Community Codec Pack
2008-01-29 23:56 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-01-27 04:42 --------- d-----w C:\Documents and Settings\Sol\Dados de aplicativos\dvdcss
2008-01-23 00:43 --------- d-----w C:\Arquivos de programas\Macromedia
2008-01-23 00:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia
.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 17:00 1937408]
"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2008-03-05 17:13 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 19:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 19:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 19:32 455168]
"nTrayFw"="C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-06-23 01:07 704512]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-19 22:11 925696]
"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35 716800]
"AsusStartupHelp"="C:\Arquivos de programas\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 03:25 363008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-06-29 00:43 81920 C:\WINDOWS\system32\nvmctray.dll]
"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-20 09:53 75128]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 18:22 3739648]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UMonit"="C:\WINDOWS\system32\umonit.exe" [ ]

C:\Documents and Settings\Juan\Menu Iniciar\Programas\Inicializar\
OpenOffice.org 2.2.lnk - C:\Arquivos de programas\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]

C:\Documents and Settings\Lego\Menu Iniciar\Programas\Inicializar\
OpenOffice.org 2.2.lnk - C:\Arquivos de programas\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"C:\\Jogos\\civ iv\\Warlords\\Civ4Warlords.exe"=
"C:\\Jogos\\civ iv\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Jogos\\civ iv\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Jogos\\civ iv\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [2005-05-23 05:39]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S3 HWACCESS;HWACCESS;C:\WINDOWS\system32\HWACCESS.SYS [2007-09-17 16:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94f027de-4141-11dc-957e-001a92d2757b}]
\Shell\AutoRun\command - J:\StartPortableApps.exe

yohanleafheart
2008-03-20, 15:46
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 10:00:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Arquivos de programas\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2008-03-20 10:04:14 - machine was rebooted [Sol]
ComboFix-quarantined-files.txt 2008-03-20 13:04:11
.
2008-02-19 17:34:49 --- E O F ---
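Added example (not part of the original thread, and not ComboFix's own code): a small Python triage script that reads the "Registry Load Points" section of a ComboFix report like the one posted above and flags the four things in it that a responder would act on: the Security Center AntiVirusOverride/FirewallOverride flags (which suppress the "no antivirus / no firewall" alerts), the disabled Windows Firewall, the UMonit Run entry whose target has no file on disk, and the srosa boot-start driver whose file ComboFix deleted while its service registration survived. The sample input is a constructed, condensed excerpt of the posted report; the Bagle file-name list is taken from ComboFix's deletion list in the same report. Key and value patterns follow the REGEDIT4 layout ComboFix prints; `Finding`, `triage` and `highest_severity` are names introduced here.

```python
"""Triage the 'Registry Load Points' section of a ComboFix report.

Flags what the report above shows: Security Center override flags, a disabled
Windows Firewall, Run entries whose target file is gone, and boot-start
drivers that are still registered after their file was removed.
"""
import ntpath
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
RUN_DATA_RE = re.compile(r'^"(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# File names ComboFix deleted in the report above (Bagle/Beagle components).
BAGLE_FILES = {"srosa.sys", "hldrrr.exe", "wintems.exe", "mdelk.exe"}

# Constructed sample: a condensed excerpt of the load-point lines posted above.
SAMPLE_REPORT = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-20 09:53 75128]
"UMonit"="C:\WINDOWS\system32\umonit.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [2005-05-23 05:39]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S3 HWACCESS;HWACCESS;C:\WINDOWS\system32\HWACCESS.SYS [2007-09-17 16:48]
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "HIGH" or "MEDIUM"
    where: str     # the entry that triggered it
    detail: str


def parse_dword(data: str):
    """Accept both renderings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    data = data.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", data)
    return int(m.group(1)) if m else None


def triage(report: str) -> list:
    """Walk the report once, tracking the current [key], and collect findings."""
    findings, section = [], ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group("key").lower()
        elif m := VALUE_RE.match(line):
            name, data = m.group("name"), m.group("data")
            lname = name.lower()
            if "security center" in section and lname in ("antivirusoverride", "firewalloverride"):
                if parse_dword(data) == 1:
                    findings.append(Finding("HIGH", f"security center: {name}",
                                            "Security Center alerts for AV/firewall suppressed"))
            elif "firewallpolicy" in section and lname == "enablefirewall":
                if parse_dword(data) == 0:
                    findings.append(Finding("HIGH", f"firewall: {name}",
                                            "Windows Firewall disabled in the standard profile"))
            elif section.endswith("\\run") and (rm := RUN_DATA_RE.match(data)):
                base = ntpath.basename(rm.group("path")).lower()
                if base in BAGLE_FILES:
                    findings.append(Finding("HIGH", f"Run: {name}",
                                            f"autostart points at Bagle component {base}"))
                if not rm.group("meta").strip():  # empty [ ] = no file behind the entry
                    findings.append(Finding("MEDIUM", f"Run: {name}",
                                            f"autostart target {rm.group('path')} is not on disk"))
        elif m := DRIVER_RE.match(line):
            svc, base = m.group("svc"), ntpath.basename(m.group("path")).lower()
            if base in BAGLE_FILES:
                findings.append(Finding("HIGH", f"driver {svc}", f"{base} is a Bagle component"))
            if not m.group("meta").strip():  # file removed, service registration left behind
                findings.append(Finding("HIGH", f"driver {svc}",
                                        f"{m.group('start')} driver registered but file missing"))
    return findings


def highest_severity(findings) -> str:
    """Collapse a findings list to one word for a quick 'am I clean?' answer."""
    levels = {"HIGH": 2, "MEDIUM": 1}
    return max((f.severity for f in findings), key=levels.get, default="CLEAN")


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.where}: {f.detail}")
    print("verdict:", highest_severity(triage(SAMPLE_REPORT)))
```

Run against the excerpt it reports six findings and a HIGH verdict; the point for the thread is that a removal tool deleting srosa.sys does not by itself clear the S1 service entry or the Security Center overrides, so the registry side still needs to be fixed before the avast reinstall is trusted.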