Infected with Spyware [RESOLVED]


#1
valent5
Member, 15 posts

:) Hello,

My desktop changed to this: "Warning! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer."

Plus I get regular popups, and sometimes windows appear and tell me to download their antivirus and antispyware.

My antivirus detects spyware every time I turn on my computer.

I hope you can help me :)

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:31, on 26-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programas\Mozy\mozybackup.exe
C:\Programas\McAfee\MPF\MPFSrv.exe
C:\Programas\McAfee\MSK\MskSrver.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Mozy\mozybackup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Logitech\Video\LogiTray.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\SimpleCenter\bin\win\sclauncher.exe
C:\PROGRA~1\MYWEBS~1\bar\9.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\9.bin\mwsoemon.exe
C:\Programas\QuickTime\QTTask.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphc1jtj0ep8v.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Logitech\Video\FxSvr2.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Proprietário\Ambiente de trabalho\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh....ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programas\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: {dfcfd723-78be-87da-86e4-0c5a1650def1} - {1fed0561-a5c0-4e68-ad78-eb87327dfcfd} - C:\WINDOWS\system32\eqrlyo.dll
O2 - BHO: (no name) - {213AD3F9-287E-42D0-92DE-F817ABC4C313} - C:\WINDOWS\system32\iifeeCRL.dll
O2 - BHO: (no name) - {6230596F-3A44-4CDF-815B-372FA03C75D6} - C:\WINDOWS\system32\vtUMfCSj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programas\MyWebSearch\bar\9.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NSLauncher] C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [sclauncher] C:\Programas\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\9.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\9.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [flag loud mp3 bore] C:\Documents and Settings\All Users\Application Data\Phone store flag loud\Anti proc.exe
O4 - HKLM\..\Run: [lphc1jtj0ep8v] C:\WINDOWS\system32\lphc1jtj0ep8v.exe
O4 - HKLM\..\Run: [7c7c398e] rundll32.exe "C:\WINDOWS\system32\geosntbl.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183658465531
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com...kSoloIEHDSD.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vtUMfCSj - C:\WINDOWS\SYSTEM32\vtUMfCSj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programas\Ares\chatServer.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Programas\Mozy\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programas\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12249 bytes
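The HijackThis log above is read by eye in this thread. As an added example (not code from the thread, nor from HijackThis, SmitfraudFix or Runscanner), the Python script below parses lines in the HijackThis format and flags the entries an analyst would review first: orphaned "(no file)" entries, unnamed BHOs and URL search hooks, rundll32 loading a DLL out of system32, Winlogon Notify hooks, executables started from a data directory, names that interleave digits and letters, and the same file registered under more than one section (here vtUMfCSj.dll appears as both an O2 BHO and an O20 Winlogon Notify entry). The sample lines are copied from the log in this post; the heuristics and the reason strings are my own and are prompts for review, not verdicts.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: (no name) - {213AD3F9-287E-42D0-92DE-F817ABC4C313} - C:\WINDOWS\system32\iifeeCRL.dll
O2 - BHO: (no name) - {6230596F-3A44-4CDF-815B-372FA03C75D6} - C:\WINDOWS\system32\vtUMfCSj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lphc1jtj0ep8v] C:\WINDOWS\system32\lphc1jtj0ep8v.exe
O4 - HKLM\..\Run: [7c7c398e] rundll32.exe "C:\WINDOWS\system32\geosntbl.dll",b
O4 - HKLM\..\Run: [flag loud mp3 bore] C:\Documents and Settings\All Users\Application Data\Phone store flag loud\Anti proc.exe
O20 - Winlogon Notify: vtUMfCSj - C:\WINDOWS\SYSTEM32\vtUMfCSj.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
TOKEN_RE = re.compile(r"[A-Za-z0-9]+")
DIGIT_LETTER_RE = re.compile(r"[a-z]\d|\d[a-z]", re.IGNORECASE)


def parse_line(line):
    """Split one HijackThis line into section, display name, file path and flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "raw": line.strip(), "name": "", "path": None}
    if section == "O4":
        # "O4 - HKLM\..\Run: [name] command line"
        r = RUN_RE.search(body)
        if r:
            entry["name"], body = r.group("name"), r.group("cmd")
    elif " - " in body:
        # "O2 - BHO: <name> - {clsid} - <path>" style entries
        entry["name"] = body.split(" - ")[0].split(": ", 1)[-1]
    p = PATH_RE.search(body)
    entry["path"] = p.group(0) if p else None
    entry["no_file"] = "(no file)" in body
    entry["rundll32"] = body.lower().startswith("rundll32")
    return entry


def looks_mixed(name):
    """True if a token of 6+ characters interleaves digits and letters (lphc1jtj0ep8v, 7c7c398e)."""
    return any(len(t) >= 6 and DIGIT_LETTER_RE.search(t) for t in TOKEN_RE.findall(name))


def triage(log_text):
    """Return (section, name, path, reasons) for every entry that deserves a second look."""
    entries = [e for e in (parse_line(ln) for ln in log_text.splitlines()) if e]
    # Cross-reference: which sections each file basename is registered in.
    seen_in = defaultdict(set)
    for e in entries:
        if e["path"]:
            seen_in[e["path"].rsplit("\\", 1)[-1].lower()].add(e["section"])

    findings = []
    for e in entries:
        reasons = []
        path_l = (e["path"] or "").lower()
        base = path_l.rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        if e["no_file"]:
            reasons.append("orphaned entry (no file)")
        if e["section"] in ("O2", "R3") and e["name"] == "(no name)":
            reasons.append("unnamed browser hook/BHO")
        if e["rundll32"] and "\\system32\\" in path_l:
            reasons.append("rundll32 loading a system32 DLL")
        if e["section"] == "O20":
            reasons.append("Winlogon Notify hook (persistence point)")
        if "\\application data\\" in path_l or "\\temp\\" in path_l:
            reasons.append("executable launched from a data directory")
        if looks_mixed(e["name"]) or looks_mixed(stem):
            reasons.append("digit/letter mix in name")
        if base and len(seen_in[base]) > 1:
            reasons.append("same file in sections " + ",".join(sorted(seen_in[base])))
        if reasons:
            findings.append((e["section"], e["name"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {name!r:24} {path or '-'}\n      " + "; ".join(reasons))
```

Run it against a saved hijackthis.log by reading the file into `triage()` instead of `SAMPLE_LOG`. The digit/letter heuristic is deliberately coarse (it will also flag legitimate names such as "Office12"), which is why the script reports reasons rather than a verdict; the cross-reference between sections is the most reliable signal here, since a legitimate component rarely needs to be both a BHO and a Winlogon Notify handler.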


#2
Rorschach112 (Ralphie)
Retired Staff, 47,710 posts

Hello

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Please download Runscanner to your desktop and run it.
  • When the first page comes up, select Beginner Mode.
  • On the next page, select Save a binary .Run file (Recommended), then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here. If the forum doesn't let you upload it, then please zip the .run file by right-clicking it and selecting Send To, then Zip file.

Then upload that as an attachment in your next post (you may have to zip the .run file to upload it here).

#3
valent5 (Topic Starter)
Member, 15 posts

Thanks for replying, Rorschach112 :)

Here are my logs (since you asked me to attach one of them, I attached both).

Here's my Smitfraud log:

SmitFraudFix v2.331

Scan done at 18:50:36,23, 26-07-2008
Run from C:\Documents and Settings\Proprietário\Ambiente de trabalho\SmitfraudFix
OS: Microsoft Windows XP [Versão 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programas\Mozy\mozybackup.exe
C:\Programas\McAfee\MPF\MPFSrv.exe
C:\Programas\McAfee\MSK\MskSrver.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programas\Mozy\mozybackup.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Mozy\mozybackup.exe
C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Programas\Mozy\mozybackup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Logitech\Video\LogiTray.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\SimpleCenter\bin\win\sclauncher.exe
C:\PROGRA~1\MYWEBS~1\bar\9.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\9.bin\mwsoemon.exe
C:\Programas\QuickTime\QTTask.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphc1jtj0ep8v.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\Programas\Logitech\Video\FxSvr2.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\Programas\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Documents and Settings\Proprietário\Ambiente de trabalho\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Proprietário


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Proprietário\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programas


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Compatable Fast Ethernet Adapter - Miniport do agendador de pacotes
DNS Server Search Order: 213.190.195.79
DNS Server Search Order: 213.190.195.80
DNS Server Search Order: 213.190.195.81

HKLM\SYSTEM\CCS\Services\Tcpip\..\{74E5712A-F677-4B0C-B128-C3182A32F528}: DhcpNameServer=213.190.195.79 213.190.195.80 213.190.195.81
HKLM\SYSTEM\CS1\Services\Tcpip\..\{74E5712A-F677-4B0C-B128-C3182A32F528}: DhcpNameServer=213.190.195.79 213.190.195.80 213.190.195.81
HKLM\SYSTEM\CS2\Services\Tcpip\..\{74E5712A-F677-4B0C-B128-C3182A32F528}: DhcpNameServer=213.190.195.79 213.190.195.80 213.190.195.81
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.190.195.79 213.190.195.80 213.190.195.81
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.190.195.79 213.190.195.80 213.190.195.81
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.190.195.79 213.190.195.80 213.190.195.81


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


And here's my runscanner log:

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : HIGHSCRE-964DEA
Creation time : 26-07-2008 18:57:03
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.3.0
User Language : Português (Portugal)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
c:\windows\system32\winlogon.exe (Microsoft Corporation)
c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\services.exe (Microsoft Corporation)
c:\programas\ficheiros comuns\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple, Inc.)
* c:\windows\system32\alg.exe (Microsoft Corporation)
* c:\windows\notepad.exe (Microsoft Corporation)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
c:\windows\system32\ctsvccda.exe (Creative Technology Ltd)
* c:\windows\system32\ctfmon.exe (Microsoft Corporation)
* c:\windows\system32\ctfmon.exe (Microsoft Corporation)
c:\programas\ficheiros comuns\pcsuite\datalayer\datalayer.exe (Nokia Mobile Phones Ltd.)
c:\programas\ficheiros comuns\pcsuite\datalayer\datalayer.exe (Nokia Mobile Phones Ltd.)
* c:\windows\system32\rundll32.exe (Microsoft Corporation)
* c:\windows\system32\rundll32.exe (Microsoft Corporation)
* c:\windows\explorer.exe (Microsoft Corporation)
* c:\windows\explorer.exe (Microsoft Corporation)
* c:\programas\mozilla firefox\firefox.exe (Mozilla Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
c:\programas\logitech\video\logitray.exe (Logitech Inc.)
c:\programas\logitech\video\logitray.exe (Logitech Inc.)
* c:\programas\internet explorer\iexplore.exe (Microsoft Corporation)
* c:\programas\internet explorer\iexplore.exe (Microsoft Corporation)
* c:\programas\ipod\bin\ipodservice.exe (Apple Inc.)
* c:\programas\itunes\ituneshelper.exe (Apple Inc.)
* c:\programas\itunes\ituneshelper.exe (Apple Inc.)
* c:\programas\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
c:\programas\nokia\nokia pc suite 6\launchapplication.exe (Nokia)
c:\programas\nokia\nokia pc suite 6\launchapplication.exe (Nokia)
c:\windows\system32\lphc1jtj0ep8v.exe
* c:\windows\system32\lsass.exe (Microsoft Corporation)
c:\programas\ficheiros comuns\lightscribe\lssrvc.exe (Hewlett-Packard Company)
c:\windows\system32\lvcomsx.exe (Logitech Inc.)
c:\windows\system32\lvcomsx.exe (Logitech Inc.)
* c:\programas\mcafee\msk\msksrver.exe (McAfee, Inc.)
* c:\progra~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
* c:\progra~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
* c:\progra~1\fichei~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
* c:\programas\mcafee\mpf\mpfsrv.exe (McAfee, Inc.)
* c:\progra~1\fichei~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
* c:\progra~1\mcafee\msc\mcmscsvc.exe (McAfee, Inc.)
* c:\progra~1\mcafee\viruss~1\mcsysmon.exe (McAfee, Inc.)
* c:\progra~1\mcafee\msc\mcupdmgr.exe (McAfee, Inc.)
* c:\programas\mozy\mozybackup.exe
* c:\programas\mozy\mozybackup.exe
* c:\programas\mozy\mozybackup.exe
* c:\programas\mozy\mozybackup.exe
c:\progra~1\mywebs~1\bar\9.bin\mwsoemon.exe (MyWebSearch.com)
c:\progra~1\mywebs~1\bar\9.bin\mwsoemon.exe (MyWebSearch.com)
c:\progra~1\mywebs~1\bar\9.bin\m3srchmn.exe (MyWebSearch.com)
c:\progra~1\mywebs~1\bar\9.bin\m3srchmn.exe (MyWebSearch.com)
* c:\programas\nero\nero8\nero backitup\nbkeyscan.exe (Nero AG)
* c:\programas\nero\nero8\nero backitup\nbservice.exe (Nero AG)
* c:\programas\ficheiros comuns\nero\lib\nmindexstoresvr.exe (Nero AG)
* c:\programas\ficheiros comuns\nero\lib\nmindexingservice.exe (Nero AG)
* c:\programas\ficheiros comuns\nero\lib\nmbgmonitor.exe (Nero AG)
c:\programas\nokia\nokia software launcher\nslauncher.exe
* c:\windows\system32\psiservice.exe
* c:\progra~1\mcafee\viruss~1\mcshield.exe (McAfee, Inc.)
* c:\windows\system32\pnkbstra.exe
* c:\windows\system32\pnkbstrb.exe
c:\programas\cyberlink\powerdvd\pdvdserv.exe (Cyberlink Corp.)
c:\programas\cyberlink\powerdvd\pdvdserv.exe (Cyberlink Corp.)
* c:\programas\ficheiros comuns\protexis\license service\psiservice_2.exe (Protexis Inc.)
c:\programas\logitech\video\fxsvr2.exe (Logitech Inc.)
c:\programas\logitech\video\fxsvr2.exe (Logitech Inc.)
c:\programas\quicktime\qttask.exe (Apple Inc.)
c:\programas\quicktime\qttask.exe (Apple Inc.)
* c:\windows\soundman.exe (Realtek Semiconductor Corp.)
* c:\windows\soundman.exe (Realtek Semiconductor Corp.)
* c:\documents and settings\proprietário\ambiente de trabalho\runscanner.exe (Runscanner.net)
c:\programas\pc connectivity solution\servicelayer.exe (Nokia.)
* c:\windows\system32\wbem\wmiapsrv.exe (Microsoft Corporation)
c:\programas\simplecenter\bin\win\sclauncher.exe (Universal Electronics Inc.)
c:\programas\simplecenter\bin\win\sclauncher.exe (Universal Electronics Inc.)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
c:\programas\creative\sync manager unicode\ctsyncu.exe
* c:\programas\windows live\messenger\msnmsgr.exe (Microsoft Corporation)
* c:\programas\messenger\msmsgs.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\windows\system32\wscntfy.exe (Microsoft Corporation)
* c:\windows\system32\wscntfy.exe (Microsoft Corporation)
c:\programas\yahoo!\widgets\yahoowidgets.exe (Yahoo! Inc.)
c:\programas\yahoo!\widgets\yahoowidgets.exe (Yahoo! Inc.)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\windows\system32\xhqopmja.dll
c:\programas\ficheiros comuns\pcsuite\datalayer\datalayer.exe (Nokia Mobile Phones Ltd.)
c:\documents and settings\all users\application data\phone store flag loud\anti proc.exe
* c:\programas\itunes\ituneshelper.exe (Apple Inc.)
c:\programas\logitech\video\isstart.exe (Logitech Inc.)
c:\programas\logitech\video\logitray.exe (Logitech Inc.)
c:\windows\system32\lphc1jtj0ep8v.exe
c:\windows\system32\lvcomsx.exe (Logitech Inc.)
* c:\programas\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
* c:\progra~1\mcafee\mhn\mcenui.exe (McAfee, Inc.)
c:\progra~1\mywebs~1\bar\9.bin\m3srchmn.exe (MyWebSearch.com)
c:\progra~1\mywebs~1\bar\9.bin\mwsoemon.exe (MyWebSearch.com)
* c:\programas\nero\nero8\nero backitup\nbkeyscan.exe (Nero AG)
c:\programas\nokia\nokia software launcher\nslauncher.exe
c:\programas\nokia\nokia pc suite 6\launchapplication.exe (Nokia)
c:\programas\quicktime\qttask.exe (Apple Inc.)
c:\programas\cyberlink\powerdvd\pdvdserv.exe (Cyberlink Corp.)
c:\programas\simplecenter\bin\win\sclauncher.exe (Universal Electronics Inc.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\programas\logitech\video\manifestengine.exe (Logitech Inc.)
- c:\programas\ficheiros comuns\real\update_ob\realonemessagecenter.exe

004 C:\Documents and Settings\Proprietário\Menu Iniciar\Programas\Arranque
--------------------------------------------------------------------------
c:\progra~1\yahoo!\widgets\yahoow~1.exe (Yahoo! Inc.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\programas\ficheiros comuns\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
c:\programas\ares\chatserver.exe (Ares Chatroom server)
c:\windows\system32\ctsvccda.exe (Creative Service for CDROM Access)
c:\programas\ficheiros comuns\installshield\driver\11\intel 32\idrivert.exe (InstallDriver Table Manager)
c:\programas\ficheiros comuns\lightscribe\lssrvc.exe (LightScribeService Direct Disc Labeling Service)
* c:\programas\mcafee\msk\msksrver.exe (McAfee Anti-Spam Service)
* c:\windows\temp\022850~1.exe (McAfee Application Installer Cleanup (0228501217094670))
* c:\progra~1\fichei~1\mcafee\mna\mcnasvc.exe (McAfee Network Agent)
* c:\programas\mcafee\mpf\mpfsrv.exe (McAfee Personal Firewall Service)
* c:\progra~1\fichei~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service)
* c:\progra~1\mcafee\viruss~1\mcshield.exe (McAfee Real-time Scanner)
* c:\progra~1\mcafee\viruss~1\mcods.exe (McAfee Scanner)
* c:\progra~1\mcafee\msc\mcmscsvc.exe (McAfee Services)
* c:\progra~1\mcafee\viruss~1\mcsysmon.exe (McAfee SystemGuards)
* c:\programas\mozy\mozybackup.exe (Mozy Backup Service)
* c:\programas\nero\nero8\nero backitup\nbservice.exe (Nero BackItUp Scheduler 3)
* c:\programas\ficheiros comuns\nero\lib\nmindexingservice.exe (NMIndexingService)
* c:\windows\system32\pnkbstra.exe (PnkBstrA)
* c:\windows\system32\pnkbstrb.exe (PnkBstrB)
* c:\programas\ficheiros comuns\protexis\license service\psiservice_2.exe (Protexis Licensing V2)
* c:\windows\system32\psiservice.exe (ProtexisLicensing)
c:\programas\pc connectivity solution\servicelayer.exe (ServiceLayer)
* c:\programas\ipod\bin\ipodservice.exe (Serviço iPod)
c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe (Windows CardSpace)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
- c:\windows\system32\drivers\ahecd1xz.sys (ahecd1xz)
c:\windows\system32\drivers\aspi32.sys (Aspi32)
c:\windows\system32\drivers\avgclean.sys (AVG Clean Driver)
- c:\windows\system32\drivers\changer.sys (Changer)
* C:\WINDOWS\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
- d:\install\gmsipci.sys (GMSIPCI)
- c:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
- c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
* C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee Inc. mfeavfk)
* C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee Inc. mfebopk)
* C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee Inc. mfehidk)
* C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee Inc. mferkdk)
* C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee Inc. mfesmfk)
* C:\WINDOWS\system32\drivers\mozy.sys (mozyFilter)
* C:\WINDOWS\system32\drivers\mpfp.sys (MPFP)
- d:\ntaccess.sys (NTACCESS)
- c:\windows\system32\drivers\pcidump.sys (PCIDump)
- c:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- c:\windows\system32\drivers\pdframe.sys (PDFRAME)
- c:\windows\system32\drivers\pdreli.sys (PDRELI)
- c:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
* c:\windows\system32\drivers\pnkbstrk.sys (PnkBstrK)
C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20)
- d:\ntglm7x.sys (SetupNTGLM7X)
C:\WINDOWS\system32\drivers\sptd.sys (sptd)
C:\WINDOWS\system32\drivers\sfdrv01.sys (StarForce Protection Environment Driver (version 1.x))
C:\WINDOWS\system32\drivers\sfhlp02.sys (StarForce Protection Helper Driver (version 2.x))
C:\WINDOWS\system32\drivers\sfvfs02.sys (StarForce Protection VFS Driver (version 2.x))
- c:\windows\system32\drivers\wdica.sys (WDICA)

040 HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
------------------------------------------------------------
c:\programas\mywebsearch\srchastt\9.bin\mwssrcas.dll (MyWebSearch.com) {00A6FAF6-072E-44cf-8957-5838F569A31D}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
c:\programas\mywebsearch\bar\9.bin\mwsbar.dll (MyWebSearch.com) {07B18EA9-A523-4961-B6BB-170DE4475CCA}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
c:\programas\mywebsearch\bar\9.bin\mwsbar.dll (MyWebSearch.com) {07B18EA9-A523-4961-B6BB-170DE4475CCA}

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
c:\windows\system32\vtumfcsj.dll {6230596F-3A44-4CDF-815B-372FA03C75D6}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
GUID / CLSID not found {00A6FAF1-072E-44cf-8957-5838F569A31D}
c:\windows\system32\iifeecrl.dll {213AD3F9-287E-42D0-92DE-F817ABC4C313}
c:\windows\system32\qzyojy.dll {af6c5bc1-5833-4120-a569-2996cbcaeb78}
c:\windows\system32\vtumfcsj.dll {6230596F-3A44-4CDF-815B-372FA03C75D6}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\progra~1\getdata\burnmy~1\burnmy~1.dll (GetData Pty Ltd) {329E4C0E-9B95-4EA9-83AF-5B6FBD190477}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {DE902992-61FC-4A01-8091-53E1895C9775}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {F9633464-9E18-4C06-9D3A-E131C036A9FA}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {7DDDBFE0-09C4-4680-9E13-8CE7D00EDE57}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {1462EBAA-96E7-4D93-9A66-0E4068DE4FCF}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {DE902994-61FC-4A01-8091-53E1895C9775}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {7DDDBFE2-09C4-4680-9E13-8CE7D00EDE57}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {1462EBAC-96E7-4D93-9A66-0E4068DE4FCF}
c:\programas\nokia\nokia pc suite 6\contactview.dll (Nokia) {FBFE7864-D495-41f0-B7DC-4BB601CC295E}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {DE902993-61FC-4A01-8091-53E1895C9775}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {F9633465-9E18-4C06-9D3A-E131C036A9FA}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {7DDDBFE1-09C4-4680-9E13-8CE7D00EDE57}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {1462EBAB-96E7-4D93-9A66-0E4068DE4FCF}
c:\programas\deskshare\digital media converter\dsshellexthandler.dll (DeskShare) {2C537739-793D-4214-9CF6-1371C4F1B1EB}
- c:\windows\system32\hticons.dll {88895560-9AA2-1069-930E-00AA0030EBC8}
c:\programas\haali\matroskasplitter\mmfinfo.dll {0561EC90-CE54-4f0c-9C55-E226110A740C}
* c:\programas\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
c:\programas\nokia\nokia pc suite 6\messageview.dll (Nokia) {C0C4375A-5B72-4efe-929D-3B848C3A1E91}
* c:\programas\mozy\mozyshell.dll {B32A6748-F273-4546-B60A-3C5ADC239DE5}
* c:\programas\mozy\mozyshell.dll {747E722C-CB46-4A9D-BDFE-192AAD5099B1}
* c:\programas\mozy\mozyshell.dll {EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}
* c:\programas\mozy\mozyshell.dll {B6B69199-ACA1-4CC4-A7E3-3DC9AEC7B947}
c:\programas\logitech\video\namespc2.dll (Logitech Inc.) {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}
* c:\programas\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}
c:\programas\openoffice.org 2.2\program\shlxthdl.dll (Sun Microsystems, Inc.) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
c:\programas\openoffice.org 2.2\program\shlxthdl.dll (Sun Microsystems, Inc.) {087B3AE3-E237-4467-B8DB-5A38AB959AC9}
c:\programas\openoffice.org 2.2\program\shlxthdl.dll (Sun Microsystems, Inc.) {63542C48-9552-494A-84F7-73AA6A7C99C1}
c:\programas\openoffice.org 2.2\program\shlxthdl.dll (Sun Microsystems, Inc.) {3B092F0C-7696-40E3-A80F-68D74DA84210}
c:\programas\nokia\nokia pc suite 6\phonebrowser.dll (Nokia) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
c:\windows\system32\b4fm.dll {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}
* c:\programas\smartftp client\sfshelltools.dll (SmartSoft Ltd) {F87DED31-303F-4ED1-9BCE-D360FBC74E0A}
* c:\programas\smartftp client\smarthook.dll (SmartSoft Ltd.) {B8323370-FF27-11D2-97B6-204C4F4F5020}
* c:\programas\smartftp client\sfshelltools.dll (SmartSoft Ltd) {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}
* c:\programas\smartftp client\sffavoritesshellextension.dll (SmartSoft Ltd.) {39DD67E0-73B6-4a11-AF55-49E1EBBF72BE}
* c:\programas\smartftp client\sfshelltools.dll (SmartSoft Ltd) {40FDFA48-5F4E-4627-A78E-6A49A3D4492F}
c:\progra~1\coreco~1\thecor~1\system\coresh~1.cll {516EC4D3-4AD9-11D5-AA6A-00E0189008B3}
c:\programas\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\programas\creative\creative zen v series (r2)\zen v series media explorer\shctmtp.dll (Creative Technology Ltd) {24849E2F-0A86-40CD-A62A-B12F161882DB}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\programas\haali\matroskasplitter\mmfinfo.dll {0561EC90-CE54-4f0c-9C55-E226110A740C}
c:\programas\ficheiros comuns\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
c:\programas\openoffice.org 2.2\program\shlxthdl.dll (Sun Microsystems, Inc.) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) {8EF5DC20-419C-4E43-A088-DE5B5625CA47}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
C:\WINDOWS\system32\vtumfcsj.dll

070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
---------------------------------------------------------------------
c:\windows\system32\iifeecrl.dll

073 %windir%\Tasks
------------------
A5722C349195A36C.job : c:\docume~1\laidinha\applic~1\thirdone\ace admin four.exe
AppleSoftwareUpdate.job : c:\programas\apple software update\softwareupdate.exe (Apple Inc.)
McAfee AntiSpyware.job : c:\progra~1\mcafee\mcafee~1\mascon.exe
McDefragTask.job : c:\progra~1\mcafee\mqc\qcconsol.exe (McAfee, Inc.)
McQcTask.job : c:\progra~1\mcafee\mqc\qcconsol.exe (McAfee, Inc.)

100 Internet Explorer settings
------------------------------
SearchUrl HKCU : http://home.microsof...search.asp?p=%s

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\system32\mcinsctl.dll (McAfee, Inc) {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
c:\windows\system32\online~1.ocx (Eset) {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
c:\windows\downloaded program files\ksoloclientie.ocx (kSolo.com) {F2D35D99-63B1-46D3-970C-6E22320D5DCB}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&Search : http://edits.mywebse...html?p=ZNfox000
&Windows Live Search : res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
Add to Windows &Live Favorites : http://favorites.liv...m/quickadd.aspx
E&xportar para o Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Translate with &Babylon : res://C:\Programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{b634ba90-dfb9-11dc-be37-0019db6ad791} : RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
{bd1ab6ca-2b0d-11dc-9f78-0019db6ad791} : E:\LaunchU3.exe -a

171 HKCU\Control Panel\Desktop\SCRNSAVE.EXE
-------------------------------------------
- c:\windows\system32\blphc1jtj0ep8v.scr

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\programas\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
c:\progra~1\creative\shared~1\ctcmectx.dll (Creative Technology Ltd) {7895F317-A125-42CC-BD3E-5830765CE577}
* c:\progra~1\mcafee\viruss~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
* c:\programas\nero\nero8\nero backitup\nbshell.dll (Nero AG)
* c:\programas\smartftp client\sfshelltools.dll (SmartSoft Ltd) {F87DED31-303F-4ED1-9BCE-D360FBC74E0A}
c:\programas\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

221 HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
-------------------------------------------------------
* c:\programas\nero\nero8\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
c:\progra~1\creative\shared~1\ctcmectx.dll (Creative Technology Ltd) {7895F317-A125-42CC-BD3E-5830765CE577}
* c:\progra~1\mcafee\viruss~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
* c:\programas\nero\nero8\nero backitup\nbshell.dll (Nero AG)
* c:\programas\smartftp client\sfshelltools.dll (SmartSoft Ltd) {F87DED31-303F-4ED1-9BCE-D360FBC74E0A}
c:\programas\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
c:\progra~1\getdata\burnmy~1\burnmy~1.dll (GetData Pty Ltd) {329E4C0E-9B95-4EA9-83AF-5B6FBD190477}
* c:\programas\mozy\mozyshell.dll {B32A6748-F273-4546-B60A-3C5ADC239DE5}
c:\windows\system32\b4fm.dll {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}

225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
------------------------------------------------------------
GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
c:\progra~1\creative\shared~1\ctcmectx.dll (Creative Technology Ltd) {7895F317-A125-42CC-BD3E-5830765CE577}
c:\progra~1\creative\shared~1\ctcmectx.dll (Creative Technology Ltd) {7895F317-A125-42CC-BD3E-5830765CE577}
* c:\progra~1\mcafee\viruss~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
* c:\progra~1\mcafee\viruss~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
* c:\programas\mozy\mozyshell.dll {B32A6748-F273-4546-B60A-3C5ADC239DE5}
* c:\programas\mozy\mozyshell.dll {B32A6748-F273-4546-B60A-3C5ADC239DE5}
* c:\programas\nero\nero8\nero backitup\nbshell.dll (Nero AG)
* c:\programas\nero\nero8\nero backitup\nbshell.dll (Nero AG)
c:\programas\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\programas\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
---------------------------------------------------------------
GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
c:\progra~1\coreco~1\thecor~1\system\coresh~1.cll {516EC4D3-4AD9-11D5-AA6A-00E0189008B3}
* c:\programas\mozy\mozyshell.dll {B32A6748-F273-4546-B60A-3C5ADC239DE5}
* c:\programas\smartftp client\sfshelltools.dll (SmartSoft Ltd) {F87DED31-303F-4ED1-9BCE-D360FBC74E0A}
c:\programas\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

229 HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
--------------------------------------------------------------------------
* c:\programas\mozy\mozyshell.dll {B32A6748-F273-4546-B60A-3C5ADC239DE5}

231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
-------------------------------------------------------
* c:\programas\ficheiros comuns\corel\shared\shell extension\shellxp.dll (Corel Corporation) CDR Column Info
c:\programas\haali\matroskasplitter\mmfinfo.dll Haali Column Provider
c:\programas\openoffice.org 2.2\program\shlxthdl.dll (Sun Microsystems, Inc.) OpenOffice.org Column Handler
c:\programas\ficheiros comuns\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info

241 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
---------------------------------------------------------------------------------------
* c:\programas\mozy\mozyshell.dll {B32A6748-F273-4546-B60A-3C5ADC239DE5}
* c:\programas\mozy\mozyshell.dll {747E722C-CB46-4A9D-BDFE-192AAD5099B1}
* c:\programas\mozy\mozyshell.dll {EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}
* c:\programas\smartftp client\sfshelltools.dll (SmartSoft Ltd) {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

Attached Files:

  • logs.zip (9.73KB)


#4
Rorschach112 (Ralphie, Retired Staff)
Can you attach the .run file please? You will need to zip it.

#5
valent5 (Topic Starter, Member)
Sorry, here it is.

Attached Files:

  • log.zip (133.96KB)


#6
Rorschach112 (Ralphie, Retired Staff)
Hello

Download the attachment at the end of this post (this will be your runscanner file, fixed by me).

  • Unzip it to your desktop, then double-click the runscanner icon; this will run the program.
  • You will notice several entries in red and in blue.
  • Click the button at the top called "Fix selected items".
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#7
valent5 (Topic Starter, Member)
Thanks once again.

Here are the .txt files:

main.txt:

Deckard's System Scanner v20071014.68
Run by Proprietário on 2008-07-27 18:27:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-07-27 17:27:42 UTC - RP184 - Deckard's System Scanner Restore Point
5: 2008-07-27 16:45:19 UTC - RP183 - Ponto de verificação do sistema
4: 2008-07-26 15:59:19 UTC - RP182 - Ponto de verificação do sistema
3: 2008-07-25 10:07:51 UTC - RP181 - Ponto de verificação do sistema
2: 2008-07-23 19:36:19 UTC - RP180 - Last known good configuration


-- First Restore Point --
1: 2008-07-23 19:36:10 UTC - RP179 - Ponto de verificação do sistema


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.31 GiB (less than 15%) free.


-- HijackThis (run as Proprietário.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:27, on 27-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programas\Mozy\mozybackup.exe
C:\Programas\McAfee\MPF\MPFSrv.exe
C:\Programas\McAfee\MSK\MskSrver.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Logitech\Video\LogiTray.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\SimpleCenter\bin\win\sclauncher.exe
C:\Programas\QuickTime\QTTask.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Logitech\Video\FxSvr2.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Proprietário\Ambiente de trabalho\dss.exe
C:\Programas\Chessmaster Challenge\chess.exe
C:\Programas\Chessmaster Challenge\chess.RWG
C:\Programas\Chessmaster Challenge\ReflexiveArcade\RAW_003.wdt
C:\PROGRA~1\CHESSM~1\engine\TheKing.exe
C:\DOCUME~1\PROPRI~1\AMBIEN~1\Proprietário.exe
C:\PROGRA~1\CHESSM~1\engine\TheKing.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh....ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: {02dc1d91-7e2f-70a8-6324-72233af51931} - {13915fa3-3227-4236-8a07-f2e719d1cd20} - C:\WINDOWS\system32\kmwdoe.dll
O2 - BHO: (no name) - {6230596F-3A44-4CDF-815B-372FA03C75D6} - C:\WINDOWS\system32\vtUMfCSj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C97D7A4-786F-480E-8B12-697A3F8D7A13} - C:\WINDOWS\system32\iifeeCRL.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NSLauncher] C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [sclauncher] C:\Programas\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [flag loud mp3 bore] C:\Documents and Settings\All Users\Application Data\Phone store flag loud\Anti proc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183658465531
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com...kSoloIEHDSD.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vtUMfCSj - C:\WINDOWS\SYSTEM32\vtUMfCSj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programas\Ares\chatServer.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Programas\Mozy\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programas\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11274 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\programas\ficheiros comuns\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Nero BackItUp Scheduler 3 - c:\programas\nero\nero8\nero backitup\nbservice.exe
R3 ServiceLayer - "c:\programas\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 AresChatServer (Ares Chatroom server) - c:\programas\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controladores multimédia de vídeo
Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\3&13C0B0C5&0&30
Manufacturer:
Name: Controladores multimédia de vídeo
PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\3&13C0B0C5&0&30
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controladores multimédia
Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\3&13C0B0C5&0&31
Manufacturer:
Name: Controladores multimédia
PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\3&13C0B0C5&0&31
Service:

Class GUID:
Description: Thomson USB CDC Device
Device ID: USB\VID_069B&PID_0704\0011E3D92E8A
Manufacturer:
Name: Thomson USB CDC Device
PNP Device ID: USB\VID_069B&PID_0704\0011E3D92E8A
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N81
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6630
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6630
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 17:50:01 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-07 12:06:01 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-15 01:00:20 354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-12-23 17:59:34 346 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 16:42:01 95360 --a------ C:\WINDOWS\system32\qkejsqut.dll
2008-07-27 16:39:43 116352 --a------ C:\WINDOWS\system32\nenwkvsb.dll
2008-07-27 16:39:43 116352 --a------ C:\WINDOWS\system32\kmwdoe.dll
2008-07-27 16:39:01 370312 --ahs---- C:\WINDOWS\system32\AHOYxGgh.ini2
2008-07-27 16:38:55 323584 --a------ C:\WINDOWS\system32\hgGxYOHA.dll
2008-07-27 16:15:52 116352 --a------ C:\WINDOWS\system32\yixxyb.dll
2008-07-27 16:15:51 116352 --a------ C:\WINDOWS\system32\wghicqhr.dll
2008-07-27 14:01:20 116352 --a------ C:\WINDOWS\system32\obpmlfvw.dll
2008-07-27 14:01:20 116352 --a------ C:\WINDOWS\system32\bmvvbb.dll
2008-07-26 19:34:18 116864 --a------ C:\WINDOWS\system32\vbvmgs.dll
2008-07-26 19:34:18 116864 --a------ C:\WINDOWS\system32\tfguetvg.dll
2008-07-26 18:54:25 116864 --a------ C:\WINDOWS\system32\qzyojy.dll
2008-07-26 18:54:24 116864 --a------ C:\WINDOWS\system32\afdtedjr.dll
2008-07-26 15:59:16 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-25 22:33:57 116352 --a------ C:\WINDOWS\system32\eqrlyo.dll
2008-07-25 22:33:56 116352 --a------ C:\WINDOWS\system32\ltdvbcgu.dll
2008-07-25 00:25:03 0 d-------- C:\Programas\Monopoly
2008-07-25 00:13:42 0 dr-h----- C:\Documents and Settings\Proprietário\Application Data\SecuROM
2008-07-24 14:03:15 116352 --a------ C:\WINDOWS\system32\rmldbb.dll
2008-07-24 14:03:13 116352 --a------ C:\WINDOWS\system32\jfwmdthy.dll
2008-07-23 20:39:00 0 --a------ C:\WINDOWS\system32\tmztin.dll
2008-07-23 20:39:00 0 --a------ C:\WINDOWS\system32\metghlfg.dll
2008-07-23 20:35:59 371846 --ahs---- C:\WINDOWS\system32\LRCeefii.ini2
2008-07-23 20:35:53 323584 --a------ C:\WINDOWS\system32\iifeeCRL.dll
2008-07-23 20:30:50 33152 --a------ C:\WINDOWS\system32\vtUMfCSj.dll
2008-07-23 20:30:50 33152 --a------ C:\WINDOWS\system32\ddcCTkiJ.dll
2008-07-23 20:26:49 110080 --a------ C:\WINDOWS\system32\lphc1jtj0ep8v.exe
2008-07-23 19:23:26 0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-07-23 19:23:14 0 d-------- C:\Documents and Settings\Proprietário\Application Data\GameHouse
2008-07-23 19:23:11 0 d-------- C:\Programas\GameHouse
2008-07-23 19:08:02 0 d-------- C:\Documents and Settings\Proprietário\Application Data\Chessmaster Challenge
2008-07-23 19:06:47 0 d-------- C:\Programas\Chessmaster Challenge
2008-07-23 18:57:47 0 d-------- C:\Programas\War Chess
2008-07-09 19:40:50 0 d-------- C:\Documents and Settings\Highscreen\Application Data\NCH Software
2008-07-09 19:38:52 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-09 19:38:50 0 d-------- C:\Documents and Settings\Highscreen\Application Data\Program Files
2008-07-04 14:25:05 0 d-------- C:\Programas\Acoustica Mixcraft 4
2008-07-04 14:22:40 34308 --a------ C:\WINDOWS\system32\Chip.dll
2008-07-04 00:41:54 0 d-------- C:\Programas\Acoustica Mixcraft
2008-06-30 13:23:04 0 d-------- C:\Documents and Settings\Proprietário\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2008-07-27 18:19:51 0 d-------- C:\Documents and Settings\Proprietário\Application Data\uTorrent
2008-07-27 13:45:53 0 d-------- C:\Programas\McAfee
2008-07-26 21:52:20 0 d-------- C:\Programas\NCH Swift Sound
2008-07-26 19:28:48 0 d-------- C:\Documents and Settings\Proprietário\Application Data\LimeWire
2008-07-26 18:51:32 4420 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-09 20:58:44 0 d--h----- C:\Documents and Settings\Proprietário\Application Data\FDBTemp
2008-07-04 14:28:02 0 d-------- C:\Programas\Acoustica Mixcraft 3
2008-07-04 14:25:36 0 d-------- C:\Programas\Acoustica Shared Effects
2008-06-21 10:27:13 0 d-------- C:\Programas\Windows Live
2008-06-13 16:27:46 0 d-------- C:\Programas\LimeWire
2008-06-12 14:19:10 0 d-------- C:\Programas\Ares
2008-06-12 14:14:25 0 d-------- C:\Programas\Thirdone
2008-06-12 14:14:12 0 d-------- C:\Programas\Circle Developement
2008-06-12 14:14:11 0 d-------- C:\Programas\Messenger Plus! Live
2008-06-09 18:07:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-08 23:25:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-08 23:22:57 0 d-------- C:\Programas\Skype
2008-06-08 23:22:50 0 d-------- C:\Programas\Ficheiros comuns
2008-06-08 23:22:50 0 d-------- C:\Programas\Ficheiros comuns\Skype
2008-06-08 16:55:06 0 d-------- C:\Programas\Picasa2
2008-06-05 20:20:20 0 d-------- C:\Programas\Ficheiros comuns\Adobe
2008-06-02 20:20:10 0 d-------- C:\Programas\Paint.NET
2008-05-31 20:37:48 0 d-------- C:\Programas\Apple Software Update
2008-05-31 15:31:12 0 d-------- C:\Programas\iTunes
2008-05-31 15:30:57 0 d-------- C:\Programas\iPod
2008-05-31 15:28:40 0 d-------- C:\Programas\QuickTime
2008-05-27 22:11:19 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-27 22:11:10 88 -r-hs---- C:\WINDOWS\system32\36F7743EB6.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13915fa3-3227-4236-8a07-f2e719d1cd20}]
27-07-2008 16:39 116352 --a------ C:\WINDOWS\system32\kmwdoe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6230596F-3A44-4CDF-815B-372FA03C75D6}]
23-07-2008 20:30 33152 --a------ C:\WINDOWS\system32\vtUMfCSj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C97D7A4-786F-480E-8B12-697A3F8D7A13}]
23-07-2008 20:35 323584 --a------ C:\WINDOWS\system32\iifeeCRL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [02-08-2006 22:12 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Programas\CyberLink\PowerDVD\PDVDServ.exe" [02-11-2004 20:24]
"DataLayer"="C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe" [07-06-2005 11:31]
"PCSuiteTrayApplication"="C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [29-06-2005 15:29]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19-07-2005 17:32]
"LogitechVideoRepair"="C:\Programas\Logitech\Video\ISStart.exe" [08-06-2005 15:24]
"LogitechVideoTray"="C:\Programas\Logitech\Video\LogiTray.exe" [08-06-2005 15:14]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
"mcagent_exe"="C:\Programas\McAfee.com\Agent\mcagent.exe" [03-08-2007 23:33]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30-11-2007 05:42]
"NSLauncher"="C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [07-09-2007 15:44]
"sclauncher"="C:\Programas\SimpleCenter\bin\win\sclauncher.exe" [30-01-2007 11:43]
"NeroFilterCheck"="C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe" [01-03-2007 14:57]
"NBKeyScan"="C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20-09-2007 08:51]
"QuickTime Task"="C:\Programas\QuickTime\QTTask.exe" [28-03-2008 23:37]
"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe" [30-03-2008 10:36]
"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
"flag loud mp3 bore"="C:\Documents and Settings\All Users\Application Data\Phone store flag loud\Anti proc.exe" [27-07-2008 18:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
"LogitechSoftwareUpdate"="C:\Programas\Logitech\Video\ManifestEngine.exe" [08-06-2005 14:44]

C:\Documents and Settings\Proprietário\Menu Iniciar\Programas\Arranque\
Yahoo! Widgets.lnk - C:\Programas\Yahoo!\Widgets\YahooWidgets.exe [11-12-2007 23:34:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6230596F-3A44-4CDF-815B-372FA03C75D6}"= C:\WINDOWS\system32\vtUMfCSj.dll [23-07-2008 20:30 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUMfCSj]
vtUMfCSj.dll 23-07-2008 20:30 33152 C:\WINDOWS\system32\vtUMfCSj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifeeCRL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-07-27 18:33:48 ------------


extra.txt:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Portuguese

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 1022.48 MiB / 412.38 MiB
Pagefile Memory (total/avail): 1212.46 MiB / 665.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.37 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 6.31 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120022A - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Sistema de ficheiros instalável - 111.78 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programas\\LimeWire\\LimeWire.exe"="C:\\Programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programas\\uTorrent\\uTorrent.exe"="C:\\Programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Proprietário\\Ambiente de trabalho\\Luís\\jogos\\Age of empires (1-3)\\Age of Empires 2\\age2_x1.exe"="C:\\Documents and Settings\\Proprietário\\Ambiente de trabalho\\Luís\\jogos\\Age of empires (1-3)\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Programas\\Pando Networks\\Pando\\pando.exe"="C:\\Programas\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"
"C:\\Programas\\Morpheus\\Morpheus.exe"="C:\\Programas\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Programas\\SmartFTP Client\\SmartFTP.exe"="C:\\Programas\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz"
"C:\\Programas\\Ficheiros comuns\\McAfee\\MNA\\McNASvc.exe"="C:\\Programas\\Ficheiros comuns\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Programas\\iTunes\\iTunes.exe"="C:\\Programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programas\\Skype\\Phone\\Skype.exe"="C:\\Programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Proprietário\Application Data
CLASSPATH=.;C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programas\Ficheiros comuns
COMPUTERNAME=HIGHSCRE-964DEA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Proprietário
LOGONSERVER=\\HIGHSCRE-964DEA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Programas\Mozilla Firefox;C:\Programas\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programas\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Programas
PROMPT=$P$G
QTJAVA=C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PROPRI~1\DEFINI~1\Temp
TMP=C:\DOCUME~1\PROPRI~1\DEFINI~1\Temp
USERDOMAIN=HIGHSCRE-964DEA
USERNAME=Proprietário
USERPROFILE=C:\Documents and Settings\Proprietário
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Proprietário (admin)
Highscreen
Laidinha (admin)
Ana


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Programas\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Programas\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Programas\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Programas\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Programas\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Programas\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\Programas\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3wPlayer version 1.0.0.3 --> "C:\Programas\3wPlayer\unins000.exe"
Acoustica Beatcraft --> C:\PROGRA~1\ACOUST~3\UNWISE.EXE C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft 4.1 --> C:\PROGRA~1\ACE8FB~1\Unwise.exe
Actualização de segurança para Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Actualização de segurança para Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Actualização de Segurança para Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Actualização para Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Actualização para Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Actualização para Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Actualização para Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Actualização para Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Actualização para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Allok AVI to DVD SVCD VCD Converter 3.4.1210 --> "C:\Programas\Allok AVI to DVD SVCD VCD Converter\unins000.exe"
Allok Video Joiner 3.4.1210 --> "C:\Programas\Allok Video Joiner\unins000.exe"
AoA Audio Extractor 1.0 --> "C:\Programas\AoA Audio Extractor\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Aqua Bubble 2 --> "C:\Programas\Aqua Bubble 2\ReflexiveArcade\unins000.exe"
Ares 2.0.9 --> "C:\Programas\Ares\uninstall.exe"
µTorrent --> "C:\Programas\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "C:\Programas\Audacity\unins000.exe"
AudibleManager --> C:\Programas\Audible\Bin\Upgrade.exe /Uninstall
AudiMovie --> "C:\Programas\AudiMovie\uninstall.exe"
AviSynth 2.5 --> "C:\Programas\AviSynth 2.5\Uninstall.exe"
Burger Island --> "C:\Programas\Burger Island\ReflexiveArcade\unins000.exe"
Burn My Files --> "C:\Programas\GetData\Burn My Files\unins000.exe"
Burn4Free CD and DVD --> "C:\Programas\Burn4Free\uninstall.exe"
Cake Mania --> "C:\Programas\Cake Mania\ReflexiveArcade\unins000.exe"
Call of Duty® 2 --> C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
CD To iPod Solution v6.4.2 --> "C:\Programas\CD To iPod Solution\unins000.exe"
Chessmaster Challenge --> "C:\Programas\Chessmaster Challenge\ReflexiveArcade\unins000.exe"
Cinematize 2.0 Demo --> MsiExec.exe /I{4756E8D4-4280-4E04-9A2E-39C5BFCF41EF}
Corel Paint Shop Pro Photo X2 --> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
CorelDRAW Graphics Suite X4 --> MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}
CorelDRAW Graphics Suite X4 - Capture --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Filters --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM --> MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
CorelDRAW Graphics Suite X4 - Lang EN --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF100}
CorelDRAW Graphics Suite X4 - PP --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA --> MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW® Graphics Suite X4 --> c:\Programas\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
CorelDRAW® Graphics Suite X4 - Windows Shell Extension --> c:\Programas\Ficheiros comuns\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW® Graphics Suite X4 - Windows Shell Extension --> MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
Counter Strike 1.6 Reloaded released by -RJ- --> "C:\Programas\Counter Strike 1.6\unins000.exe"
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Crimsonland --> "C:\Programas\Crimsonland\ReflexiveArcade\unins000.exe"
Delta Force 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Programas\NovaLogic\Delta Force 2\Uninst.isu"
Digital Media Converter 2.62 --> "C:\Programas\Deskshare\Digital Media Converter\unins000.exe"
Driver da Logitech® Camera --> "C:\Programas\Ficheiros comuns\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
EA SPORTS online 2006 --> C:\Programas\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Easy DVD Creator 1.4.5 --> "C:\Programas\Easy DVD Creator\unins000.exe"
eDATA Unerase --> C:\PROGRA~1\EDATAU~1\UNWISE.EXE C:\PROGRA~1\EDATAU~1\INSTALL.LOG
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Express Burn --> C:\Programas\NCH Swift Sound\ExpressBurn\uninst.exe
FILE and MP3 Renamer 2006 --> C:\Programas\L.C. Enterprises\FILE and MP3 Renamer 2006\uninstall-fren.exe
Flash Demo Builder 1.2(remove only) --> "C:\Programas\Flash Demo Builder 1.2\uninst.exe"
FLV Player 2.0, build 23 --> C:\Programas\FLV Player\uninst.exe
free-downloads.net Toolbar --> C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Free Video to Mp3 Converter version 2.9 --> "C:\Programas\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube to iPod Converter version 2.9 --> "C:\Programas\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Free YouTube to Mp3 Converter version 2.5 --> "C:\Programas\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FSX_Screensaver --> C:\Programas\FSX_Screensaver\Uninstall.exe
Fx Movie Joiner --> C:\PROGRA~1\FXJOIN~1\UNWISE.EXE C:\PROGRA~1\FXJOIN~1\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Haali Media Splitter --> "C:\Programas\Haali\MatroskaSplitter\uninstall.exe"
Hi5Robot --> MsiExec.exe /I{0BB6EA77-FE76-4A45-88C2-BF5F3AAEBF31}
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Documents and Settings\Proprietário\Ambiente de trabalho\HijackThis.exe" /uninstall
Home Media Server 4.1.4.0067 --> C:\Programas\SimpleCenter\uninstall.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICatch (VI) PC Camera --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}\setup.exe"
Instalador de Emoticons --> C:\Programas\Instalador de Emoticons\uninstal.exe
iPod for Windows 2005-09-23 --> C:\Programas\Ficheiros comuns\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod Software 1.3 Updater --> C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3B04A1DD-EEE4-46B1-88C0-E8024C47DA24} /l1033
iSnooker --> C:\Games\iSnooker\Uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KeyExtender 3.96 --> "C:\Programas\KeyExtender\unins000.exe"
LimeWire 4.16.6 --> "C:\Programas\LimeWire\uninstall.exe"
LockerSync 3.141 Beta --> MsiExec.exe /I{8DE151A4-6692-41C2-94DA-2CEA1DE003B8}
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
McAfee SecurityCenter --> C:\Programas\McAfee\MSC\mcuninst.exe
Messenger Plus! 3 --> "C:\Documents and Settings\Ana\Os meus documentos\MsgPlus.exe" /Remove
Messenger Plus! Live & Sponsor (CiD) --> "C:\Programas\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0016-0816-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001A-0816-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0018-0816-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001F-0816-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-002C-0816-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-006E-0816-0000-0000000FF1CE}
Microsoft Office Standard 2007 --> "C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007 --> MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001B-0816-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst

#8
Rorschach112 (Retired Staff, 47,710 posts)
Hello

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\qkejsqut.dll
    C:\WINDOWS\system32\nenwkvsb.dll
    C:\WINDOWS\system32\kmwdoe.dll
    C:\WINDOWS\system32\AHOYxGgh.ini2
    C:\WINDOWS\system32\hgGxYOHA.dll
    C:\WINDOWS\system32\yixxyb.dll
    C:\WINDOWS\system32\wghicqhr.dll
    C:\WINDOWS\system32\obpmlfvw.dll
    C:\WINDOWS\system32\bmvvbb.dll
    C:\WINDOWS\system32\vbvmgs.dll
    C:\WINDOWS\system32\tfguetvg.dll
    C:\WINDOWS\system32\qzyojy.dll
    C:\WINDOWS\system32\afdtedjr.dll
    C:\WINDOWS\system32\404Fix.exe 
    C:\WINDOWS\system32\eqrlyo.dll
    C:\WINDOWS\system32\ltdvbcgu.dll
    C:\WINDOWS\system32\rmldbb.dll
    C:\WINDOWS\system32\jfwmdthy.dll
    C:\WINDOWS\system32\tmztin.dll
    C:\WINDOWS\system32\metghlfg.dll
    C:\WINDOWS\system32\LRCeefii.ini2
    C:\WINDOWS\system32\iifeeCRL.dll
    C:\WINDOWS\system32\vtUMfCSj.dll
    C:\WINDOWS\system32\ddcCTkiJ.dll
    C:\WINDOWS\system32\lphc1jtj0ep8v.exe
    C:\Documents and Settings\All Users\Application Data\Phone store flag loud
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.



Also post a new DSS log.
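The registry dump in the DSS log and the move list in this reply show the same thing from two sides: one DLL (vtUMfCSj.dll) is registered as a Browser Helper Object, a ShellExecuteHook and a Winlogon Notify package; a second (iifeeCRL) is both a BHO and an extra LSA "Authentication Packages" entry next to msv1_0; and the HKLM Run key launches "Anti proc.exe" out of All Users\Application Data. Cross-referencing load points by binary is what turns a long dump into a short removal list, and it is easy to automate. The script below is an added example, not part of this thread and not code from DSS or OTMoveIt2. It runs over a constructed excerpt of the dump (SAMPLE_DUMP), and its heuristics (a BHO loose in system32, any LSA package beyond msv1_0, anything listed under Winlogon Notify or ShellExecuteHooks, a Run entry under Application Data or Temp, one binary in several load points) are assumptions to tune, not DSS's own rules.

```python
"""Triage the registry-dump section of a DSS log: group the persistence load
points by the binary they load and say why each binary looks suspicious.
Heuristics here are assumptions for this example, not DSS rules."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the dump posted in this thread (not the full log).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13915fa3-3227-4236-8a07-f2e719d1cd20}]
27-07-2008 16:39 116352 --a------ C:\WINDOWS\system32\kmwdoe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6230596F-3A44-4CDF-815B-372FA03C75D6}]
23-07-2008 20:30 33152 --a------ C:\WINDOWS\system32\vtUMfCSj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C97D7A4-786F-480E-8B12-697A3F8D7A13}]
23-07-2008 20:35 323584 --a------ C:\WINDOWS\system32\iifeeCRL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [02-08-2006 22:12 C:\WINDOWS\soundman.exe]
"flag loud mp3 bore"="C:\Documents and Settings\All Users\Application Data\Phone store flag loud\Anti proc.exe" [27-07-2008 18:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6230596F-3A44-4CDF-815B-372FA03C75D6}"= C:\WINDOWS\system32\vtUMfCSj.dll [23-07-2008 20:30 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUMfCSj]
vtUMfCSj.dll 23-07-2008 20:30 33152 C:\WINDOWS\system32\vtUMfCSj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifeeCRL
"""

# (substring of the registry key, label); first match wins.
LOAD_POINTS = (
    ("browser helper objects", "BHO"),
    ("shellexecutehooks", "ShellExecuteHook"),
    ("winlogon\\notify", "WinlogonNotify"),
    ("control\\lsa", "LSA"),
    ("currentversion\\run", "Run"),
)
MODULE_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]*?\.(?:dll|exe)\b', re.IGNORECASE)
SYSTEM32 = re.compile(r"^[A-Za-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
USER_DATA = re.compile(r"\\application data\\|\\temp\\", re.IGNORECASE)
KNOWN_AUTH_PACKAGES = {"msv1_0"}  # assumption: a standalone XP box lists only this one
REASONS = {  # load points that are suspicious on their own in a DSS dump
    "LSA": "extra LSA authentication package (loaded into lsass.exe at boot)",
    "WinlogonNotify": "Winlogon Notify package (loaded into winlogon.exe at logon)",
    "ShellExecuteHook": "ShellExecuteHook (loaded into explorer.exe, sees every launch)",
}


def parse_dump(text):
    """Yield (load_point, value_line) for every line under a key we classify."""
    point = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            low = line[1:-1].lower()
            point = next((label for needle, label in LOAD_POINTS if needle in low), None)
            continue
        if point:
            yield point, line


def module_name(path):
    """Lower-case basename without extension, so iifeeCRL.dll and iifeeCRL group together."""
    base = path.rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].lower() if "." in base else base.lower()


def modules_in(point, line):
    """Return (name, path) for each binary a value line loads."""
    if point == "LSA":
        if not line.lower().startswith('"authentication packages"'):
            return []
        # DSS prints packages space separated and without extension; a package
        # path containing spaces would need smarter splitting than this.
        packages = line.split("=", 1)[1].split()
        return [(module_name(p), p) for p in packages if module_name(p) not in KNOWN_AUTH_PACKAGES]
    return [(module_name(m), m) for m in MODULE_RE.findall(line)]


def triage(text):
    """Group load points per binary; return only binaries that earned a reason."""
    found = defaultdict(lambda: {"paths": set(), "load_points": set(), "reasons": set()})
    for point, line in parse_dump(text):
        for name, path in modules_in(point, line):
            entry = found[name]
            entry["paths"].add(path)
            entry["load_points"].add(point)
            if point in REASONS:
                entry["reasons"].add(REASONS[point])
            elif point == "BHO" and SYSTEM32.match(path):
                entry["reasons"].add("BHO DLL dropped loose into system32 (product BHOs live under Program Files)")
            elif point == "Run" and USER_DATA.search(path):
                entry["reasons"].add("Run entry launching from an Application Data or Temp directory")
    for entry in found.values():
        if len(entry["load_points"]) > 1:  # the cross-reference that matters most
            entry["reasons"].add("same binary registered in %d load points" % len(entry["load_points"]))
    return {name: entry for name, entry in found.items() if entry["reasons"]}


def report(text):
    """Render triage() as text lines, binaries with the most load points first."""
    lines = []
    for name, e in sorted(triage(text).items(), key=lambda kv: (-len(kv[1]["load_points"]), kv[0])):
        lines.append("%s  [%s]" % (name, ", ".join(sorted(e["load_points"]))))
        lines += ["    path: " + p for p in sorted(e["paths"])]
        lines += ["    why:  " + r for r in sorted(e["reasons"])]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_DUMP)))
```

The load point also tells you which process holds the file open, which is why the move list in this reply is bracketed with [kill explorer] and [start explorer]: a ShellExecuteHook or BHO is loaded by explorer.exe and Internet Explorer, so stopping Explorer frees the file, but a Winlogon Notify DLL lives in winlogon.exe and an LSA package in lsass.exe, neither of which can be killed, so those two are the files most likely to need the reboot mentioned at the end of the instructions. On a live XP host the same five keys can be read with reg.exe and fed to triage() instead of a DSS log.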

#9
valent5 (Topic Starter, Member, 15 posts)
Thanks, Rorschach.


OTMoveIt log:

Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qkejsqut.dll
C:\WINDOWS\system32\qkejsqut.dll NOT unregistered.
C:\WINDOWS\system32\qkejsqut.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nenwkvsb.dll
C:\WINDOWS\system32\nenwkvsb.dll NOT unregistered.
C:\WINDOWS\system32\nenwkvsb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kmwdoe.dll
C:\WINDOWS\system32\kmwdoe.dll NOT unregistered.
C:\WINDOWS\system32\kmwdoe.dll moved successfully.
C:\WINDOWS\system32\AHOYxGgh.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGxYOHA.dll
C:\WINDOWS\system32\hgGxYOHA.dll NOT unregistered.
C:\WINDOWS\system32\hgGxYOHA.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yixxyb.dll
C:\WINDOWS\system32\yixxyb.dll NOT unregistered.
C:\WINDOWS\system32\yixxyb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wghicqhr.dll
C:\WINDOWS\system32\wghicqhr.dll NOT unregistered.
C:\WINDOWS\system32\wghicqhr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\obpmlfvw.dll
C:\WINDOWS\system32\obpmlfvw.dll NOT unregistered.
C:\WINDOWS\system32\obpmlfvw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bmvvbb.dll
C:\WINDOWS\system32\bmvvbb.dll NOT unregistered.
C:\WINDOWS\system32\bmvvbb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vbvmgs.dll
C:\WINDOWS\system32\vbvmgs.dll NOT unregistered.
C:\WINDOWS\system32\vbvmgs.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tfguetvg.dll
C:\WINDOWS\system32\tfguetvg.dll NOT unregistered.
C:\WINDOWS\system32\tfguetvg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qzyojy.dll
C:\WINDOWS\system32\qzyojy.dll NOT unregistered.
C:\WINDOWS\system32\qzyojy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\afdtedjr.dll
C:\WINDOWS\system32\afdtedjr.dll NOT unregistered.
C:\WINDOWS\system32\afdtedjr.dll moved successfully.
C:\WINDOWS\system32\404Fix.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\eqrlyo.dll
C:\WINDOWS\system32\eqrlyo.dll NOT unregistered.
C:\WINDOWS\system32\eqrlyo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ltdvbcgu.dll
C:\WINDOWS\system32\ltdvbcgu.dll NOT unregistered.
C:\WINDOWS\system32\ltdvbcgu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rmldbb.dll
C:\WINDOWS\system32\rmldbb.dll NOT unregistered.
C:\WINDOWS\system32\rmldbb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jfwmdthy.dll
C:\WINDOWS\system32\jfwmdthy.dll NOT unregistered.
C:\WINDOWS\system32\jfwmdthy.dll moved successfully.
File/Folder C:\WINDOWS\system32\tmztin.dll not found.
File/Folder C:\WINDOWS\system32\metghlfg.dll not found.
C:\WINDOWS\system32\LRCeefii.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iifeeCRL.dll
C:\WINDOWS\system32\iifeeCRL.dll NOT unregistered.
C:\WINDOWS\system32\iifeeCRL.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vtUMfCSj.dll
C:\WINDOWS\system32\vtUMfCSj.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vtUMfCSj.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcCTkiJ.dll
C:\WINDOWS\system32\ddcCTkiJ.dll NOT unregistered.
C:\WINDOWS\system32\ddcCTkiJ.dll moved successfully.
C:\WINDOWS\system32\lphc1jtj0ep8v.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\Phone store flag loud moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\PROPRI~1\DEFINI~1\Temp\~DFC585.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_45aQWeJjmlWhsxP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_BEJPReSghCeyMcF scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_BEJPReSghCeyMcF-journal scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_gfZrmdjngzAgsB7 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_IMM8duYmh4Z5vTp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_FsiiPAq1Q2XWLn1 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_W2e4SQXRNrS8bPd scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272008_192716

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vtUMfCSj.dll
C:\WINDOWS\system32\vtUMfCSj.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vtUMfCSj.dll scheduled to be moved on reboot.
File C:\DOCUME~1\PROPRI~1\DEFINI~1\Temp\~DFC585.tmp not found!
File C:\WINDOWS\temp\mcmsc_45aQWeJjmlWhsxP not found!
File C:\WINDOWS\temp\mcmsc_BEJPReSghCeyMcF not found!
File C:\WINDOWS\temp\mcmsc_BEJPReSghCeyMcF-journal not found!
File C:\WINDOWS\temp\mcmsc_gfZrmdjngzAgsB7 not found!
File C:\WINDOWS\temp\mcmsc_IMM8duYmh4Z5vTp not found!
C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat moved successfully.
C:\WINDOWS\temp\sqlite_FsiiPAq1Q2XWLn1 moved successfully.
C:\WINDOWS\temp\sqlite_W2e4SQXRNrS8bPd moved successfully.


New DSS log:


Deckard's System Scanner v20071014.68
Run by Proprietário on 2008-07-27 19:39:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 6.31 GiB (less than 15%) free.


-- HijackThis (run as Proprietário.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:04, on 27-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programas\Mozy\mozybackup.exe
C:\Programas\McAfee\MPF\MPFSrv.exe
C:\Programas\McAfee\MSK\MskSrver.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Programas\Mozy\mozybackup.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Logitech\Video\LogiTray.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\SimpleCenter\bin\win\sclauncher.exe
C:\Programas\QuickTime\QTTask.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\Programas\Logitech\Video\FxSvr2.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Proprietário\Ambiente de trabalho\dss.exe
C:\DOCUME~1\PROPRI~1\AMBIEN~1\PROPRI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh....ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: (no name) - {6230596F-3A44-4CDF-815B-372FA03C75D6} - C:\WINDOWS\system32\vtUMfCSj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C97D7A4-786F-480E-8B12-697A3F8D7A13} - C:\WINDOWS\system32\iifeeCRL.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {99c5910d-5778-375b-46c4-70e80e2d103b} - {b301d2e0-8e07-4c64-b573-8775d0195c99} - C:\WINDOWS\system32\dsygvc.dll
O2 - BHO: (no name) - {B6E12583-A4D2-4900-9F87-8EE448DC9337} - C:\WINDOWS\system32\xxyvsrrS.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NSLauncher] C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [sclauncher] C:\Programas\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [flag loud mp3 bore] C:\Documents and Settings\All Users\Application Data\Phone store flag loud\Anti proc.exe
O4 - HKLM\..\Run: [7c7c398e] rundll32.exe "C:\WINDOWS\system32\xlbehsjb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183658465531
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com...kSoloIEHDSD.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vtUMfCSj - C:\WINDOWS\SYSTEM32\vtUMfCSj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programas\Ares\chatServer.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Programas\Mozy\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programas\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11347 bytes

-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 19:39:24 95360 --a------ C:\WINDOWS\system32\xlbehsjb.dll
2008-07-27 19:39:20 116352 --a------ C:\WINDOWS\system32\dsygvc.dll
2008-07-27 19:39:20 116352 --a------ C:\WINDOWS\system32\dfpealfx.dll
2008-07-27 19:38:39 347 --ahs---- C:\WINDOWS\system32\Srrsvyxx.ini2
2008-07-27 19:38:33 323584 --a------ C:\WINDOWS\system32\xxyvsrrS.dll
2008-07-25 00:25:03 0 d-------- C:\Programas\Monopoly
2008-07-25 00:13:42 0 dr-h----- C:\Documents and Settings\Proprietário\Application Data\SecuROM
2008-07-23 20:30:50 33152 --a------ C:\WINDOWS\system32\vtUMfCSj.dll
2008-07-23 19:23:26 0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-07-23 19:23:14 0 d-------- C:\Documents and Settings\Proprietário\Application Data\GameHouse
2008-07-23 19:23:11 0 d-------- C:\Programas\GameHouse
2008-07-23 19:08:02 0 d-------- C:\Documents and Settings\Proprietário\Application Data\Chessmaster Challenge
2008-07-23 19:06:47 0 d-------- C:\Programas\Chessmaster Challenge
2008-07-23 18:57:47 0 d-------- C:\Programas\War Chess
2008-07-09 19:40:50 0 d-------- C:\Documents and Settings\Highscreen\Application Data\NCH Software
2008-07-09 19:38:52 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-09 19:38:50 0 d-------- C:\Documents and Settings\Highscreen\Application Data\Program Files
2008-07-04 14:25:05 0 d-------- C:\Programas\Acoustica Mixcraft 4
2008-07-04 14:22:40 34308 --a------ C:\WINDOWS\system32\Chip.dll
2008-07-04 00:41:54 0 d-------- C:\Programas\Acoustica Mixcraft
2008-06-30 13:23:04 0 d-------- C:\Documents and Settings\Proprietário\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2008-07-27 18:19:51 0 d-------- C:\Documents and Settings\Proprietário\Application Data\uTorrent
2008-07-27 13:45:53 0 d-------- C:\Programas\McAfee
2008-07-26 21:52:20 0 d-------- C:\Programas\NCH Swift Sound
2008-07-26 19:28:48 0 d-------- C:\Documents and Settings\Proprietário\Application Data\LimeWire
2008-07-26 18:51:32 4420 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-09 20:58:44 0 d--h----- C:\Documents and Settings\Proprietário\Application Data\FDBTemp
2008-07-04 14:28:02 0 d-------- C:\Programas\Acoustica Mixcraft 3
2008-07-04 14:25:36 0 d-------- C:\Programas\Acoustica Shared Effects
2008-06-21 10:27:13 0 d-------- C:\Programas\Windows Live
2008-06-13 16:27:46 0 d-------- C:\Programas\LimeWire
2008-06-12 14:19:10 0 d-------- C:\Programas\Ares
2008-06-12 14:14:25 0 d-------- C:\Programas\Thirdone
2008-06-12 14:14:12 0 d-------- C:\Programas\Circle Developement
2008-06-12 14:14:11 0 d-------- C:\Programas\Messenger Plus! Live
2008-06-09 18:07:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-08 23:25:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-08 23:22:57 0 d-------- C:\Programas\Skype
2008-06-08 23:22:50 0 d-------- C:\Programas\Ficheiros comuns
2008-06-08 23:22:50 0 d-------- C:\Programas\Ficheiros comuns\Skype
2008-06-08 16:55:06 0 d-------- C:\Programas\Picasa2
2008-06-05 20:20:20 0 d-------- C:\Programas\Ficheiros comuns\Adobe
2008-06-02 20:20:10 0 d-------- C:\Programas\Paint.NET
2008-05-31 20:37:48 0 d-------- C:\Programas\Apple Software Update
2008-05-31 15:31:12 0 d-------- C:\Programas\iTunes
2008-05-31 15:30:57 0 d-------- C:\Programas\iPod
2008-05-31 15:28:40 0 d-------- C:\Programas\QuickTime
2008-05-27 22:11:19 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-27 22:11:10 88 -r-hs---- C:\WINDOWS\system32\36F7743EB6.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6230596F-3A44-4CDF-815B-372FA03C75D6}]
23-07-2008 20:30 33152 --a------ C:\WINDOWS\system32\vtUMfCSj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C97D7A4-786F-480E-8B12-697A3F8D7A13}]
C:\WINDOWS\system32\iifeeCRL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b301d2e0-8e07-4c64-b573-8775d0195c99}]
27-07-2008 19:39 116352 --a------ C:\WINDOWS\system32\dsygvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6E12583-A4D2-4900-9F87-8EE448DC9337}]
27-07-2008 19:38 323584 --a------ C:\WINDOWS\system32\xxyvsrrS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [02-08-2006 22:12 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Programas\CyberLink\PowerDVD\PDVDServ.exe" [02-11-2004 20:24]
"DataLayer"="C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe" [07-06-2005 11:31]
"PCSuiteTrayApplication"="C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [29-06-2005 15:29]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19-07-2005 17:32]
"LogitechVideoRepair"="C:\Programas\Logitech\Video\ISStart.exe" [08-06-2005 15:24]
"LogitechVideoTray"="C:\Programas\Logitech\Video\LogiTray.exe" [08-06-2005 15:14]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 02:11]
"mcagent_exe"="C:\Programas\McAfee.com\Agent\mcagent.exe" [03-08-2007 23:33]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30-11-2007 05:42]
"NSLauncher"="C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [07-09-2007 15:44]
"sclauncher"="C:\Programas\SimpleCenter\bin\win\sclauncher.exe" [30-01-2007 11:43]
"NeroFilterCheck"="C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe" [01-03-2007 14:57]
"NBKeyScan"="C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20-09-2007 08:51]
"QuickTime Task"="C:\Programas\QuickTime\QTTask.exe" [28-03-2008 23:37]
"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe" [30-03-2008 10:36]
"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
"flag loud mp3 bore"="C:\Documents and Settings\All Users\Application Data\Phone store flag loud\Anti proc.exe" []
"7c7c398e"="C:\WINDOWS\system32\xlbehsjb.dll" [27-07-2008 19:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 13:00]
"LogitechSoftwareUpdate"="C:\Programas\Logitech\Video\ManifestEngine.exe" [08-06-2005 14:44]

C:\Documents and Settings\Proprietário\Menu Iniciar\Programas\Arranque\
Yahoo! Widgets.lnk - C:\Programas\Yahoo!\Widgets\YahooWidgets.exe [11-12-2007 23:34:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6230596F-3A44-4CDF-815B-372FA03C75D6}"= C:\WINDOWS\system32\vtUMfCSj.dll [23-07-2008 20:30 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUMfCSj]
vtUMfCSj.dll 23-07-2008 20:30 33152 C:\WINDOWS\system32\vtUMfCSj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyvsrrS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2008-07-27 19:41:07 ------------
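As an added example (not part of this thread and not code from HijackThis, DSS or OTMoveIt), a small Python triage over constructed log lines modelled on the entries in the post above: it flags the entry types the helper's OTMoveIt list targeted (unnamed or GUID-named BHOs, an 8-hex-digit Run value driving rundll32, a Winlogon Notify handler, an extra LSA authentication package) and the reversed-name .ini/.dll pairs visible in the file lists. The heuristics, the dates on the constructed DSS lines and all function names are mine; HijackThis itself does no such scoring.

```python
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the HijackThis entries posted above
# (not a copy of the log; the paths and GUIDs are the ones this thread shows).
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {6230596F-3A44-4CDF-815B-372FA03C75D6} - C:\WINDOWS\system32\vtUMfCSj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {99c5910d-5778-375b-46c4-70e80e2d103b} - {b301d2e0-8e07-4c64-b573-8775d0195c99} - C:\WINDOWS\system32\dsygvc.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [7c7c398e] rundll32.exe "C:\WINDOWS\system32\xlbehsjb.dll",b
O20 - Winlogon Notify: vtUMfCSj - C:\WINDOWS\SYSTEM32\vtUMfCSj.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
""".strip().splitlines()

# Constructed lines in the DSS "Files created" format; the LRCeefii/iifeeCRL
# dates and sizes are made up, the names come from the OTMoveIt list above.
DSS_FILES_SAMPLE = r"""
2008-07-27 19:38:39 347 --ahs---- C:\WINDOWS\system32\Srrsvyxx.ini2
2008-07-27 19:38:33 323584 --a------ C:\WINDOWS\system32\xxyvsrrS.dll
2008-07-26 10:00:00 347 --ahs---- C:\WINDOWS\system32\LRCeefii.ini2
2008-07-26 10:00:00 30000 --a------ C:\WINDOWS\system32\iifeeCRL.dll
2008-07-23 20:30:50 33152 --a------ C:\WINDOWS\system32\vtUMfCSj.dll
2008-07-04 14:22:40 34308 --a------ C:\WINDOWS\system32\Chip.dll
""".strip().splitlines()

HJT_ENTRY = re.compile(r"^(O\d+|R\d) - (.*)$")
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
HEX_RUN_NAME = re.compile(r"[0-9a-f]{8}")
PATH_AT_END = re.compile(r"[A-Za-z]:\\.*$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    target: str    # file or command the entry points at
    reason: str


def triage_hjt(lines):
    """Return the HijackThis entries a helper would look at first, in log order."""
    findings = []
    for raw in lines:
        m = HJT_ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        parts = [p.strip() for p in body.split(" - ")]
        if section in ("O2", "O3"):
            # "BHO: <name> - {CLSID} - <path>"; the add-ons in this thread either
            # leave the name empty or use a second GUID as the name.
            name = parts[0].split(": ", 1)[1]
            if name == "(no name)" or GUID.fullmatch(name):
                findings.append(Finding(section, parts[-1], "unnamed or GUID-named browser add-on"))
        elif section == "O4":
            # "[<value name>] <command>"; an 8-hex-digit value name driving
            # rundll32 against a DLL is the pattern seen in this thread.
            run = re.search(r"\[([^\]]*)\] (.*)$", body)
            if run and HEX_RUN_NAME.fullmatch(run.group(1)) and "rundll32" in run.group(2).lower():
                findings.append(Finding(section, run.group(2), "hex-named Run value loading a DLL via rundll32"))
        elif section == "O20":
            # Winlogon Notify DLLs are loaded into winlogon.exe at every logon,
            # which is also why OTMoveIt could only move vtUMfCSj.dll on reboot.
            findings.append(Finding(section, parts[-1], "Winlogon Notify handler"))
    return findings


def extra_auth_packages(registry_line):
    """DSS prints the LSA 'Authentication Packages' value on one line; anything
    besides the stock msv1_0 is an extra DLL that lsass loads at boot."""
    _, _, value = registry_line.partition("=")
    return [p for p in value.split() if p.lower() != "msv1_0"]


def paths_from_dss(lines):
    """Pull the path off the end of DSS 'Files created' / Find3M lines."""
    return [m.group(0) for line in lines if (m := PATH_AT_END.search(line))]


def reversed_name_pairs(paths):
    """Find <stem>.ini/.ini2 files whose stem spelled backwards names a .dll in
    the same directory (Srrsvyxx.ini2 <-> xxyvsrrS.dll in the logs above)."""
    by_stem = {}
    for p in paths:
        directory, _, name = p.rpartition("\\")
        stem, _, ext = name.rpartition(".")
        if stem:
            by_stem.setdefault((directory.lower(), stem), set()).add(ext.lower())
    pairs = []
    for (directory, stem), exts in by_stem.items():
        rev = stem[::-1]
        if rev != stem and exts & {"ini", "ini2"} and "dll" in by_stem.get((directory, rev), ()):
            pairs.append((stem, rev))
    return sorted(pairs)


if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE):
        print(f"{f.section:4} {f.reason:45} {f.target}")
    print("extra LSA packages:",
          extra_auth_packages(r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyvsrrS'))
    print("reversed-name pairs:", reversed_name_pairs(paths_from_dss(DSS_FILES_SAMPLE)))
```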

#10
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please visit this web page for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#11
valent5 (Topic Starter, Member, 15 posts)
Cheers,

here's the ComboFix log:


ComboFix 08-07-27.3 - Proprietário 2008-07-27 22:25:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.2070.18.538 [GMT 1:00]
Executando de: C:\Documents and Settings\Proprietário\Ambiente de trabalho\ComboFix.exe
* Criado um novo ponto de restauro
* Resident AV is active


ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ana\Application Data\macromedia\Flash Player\#SharedObjects\QDT2VMMV\interclick.com
C:\Documents and Settings\Ana\Application Data\macromedia\Flash Player\#SharedObjects\QDT2VMMV\interclick.com\ud.sol
C:\Documents and Settings\Ana\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Ana\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Ana\Favoritos\Error Cleaner.url
C:\Documents and Settings\Ana\Favoritos\Privacy Protector.url
C:\Documents and Settings\Ana\Favoritos\Spyware&Malware Protection.url
C:\Documents and Settings\Ana\Os meus documentos\Spyware&Malware Protection.url
C:\Documents and Settings\Highscreen\Application Data\macromedia\Flash Player\#SharedObjects\NWDF4ASF\interclick.com
C:\Documents and Settings\Highscreen\Application Data\macromedia\Flash Player\#SharedObjects\NWDF4ASF\interclick.com\ud.sol
C:\Documents and Settings\Highscreen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Highscreen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Highscreen\Favoritos\Error Cleaner.url
C:\Documents and Settings\Highscreen\Favoritos\Privacy Protector.url
C:\Documents and Settings\Highscreen\Favoritos\Spyware&Malware Protection.url
C:\Documents and Settings\Proprietário\Application Data\macromedia\Flash Player\#SharedObjects\DGM5B354\interclick.com
C:\Documents and Settings\Proprietário\Application Data\macromedia\Flash Player\#SharedObjects\DGM5B354\interclick.com\ud.sol
C:\Documents and Settings\Proprietário\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Proprietário\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Programas\FunWebProducts
C:\Programas\FunWebProducts\Shared\000AA325.dat
C:\Programas\FunWebProducts\Shared\0041260A.dat
C:\Programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Programas\internet explorer\msimg32.dll
C:\Programas\MediaVideoCodec
C:\Programas\MyWebSearch
C:\Programas\MyWebSearch\bar\9.bin\F3BKGERR.JPG
C:\Programas\MyWebSearch\bar\9.bin\F3BROVLY.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3CJPEG.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3DTACTL.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3HISTSW.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3HTMLMU.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3HTTPCT.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3IMSTUB.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3POPSWT.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3PSSAVR.SCR
C:\Programas\MyWebSearch\bar\9.bin\F3REPROX.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3RESTUB.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3SCHMON.EXE
C:\Programas\MyWebSearch\bar\9.bin\F3SCRCTR.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3SHLLVW.DLL
C:\Programas\MyWebSearch\bar\9.bin\F3SPACER.WMV
C:\Programas\MyWebSearch\bar\9.bin\F3WALLPP.DAT
C:\Programas\MyWebSearch\bar\9.bin\F3WPHOOK.DLL
C:\Programas\MyWebSearch\bar\9.bin\M3FFXTBR.JAR
C:\Programas\MyWebSearch\bar\9.bin\M3FFXTBR.MANIFEST
C:\Programas\MyWebSearch\bar\9.bin\M3HTML.DLL
C:\Programas\MyWebSearch\bar\9.bin\M3IDLE.DLL
C:\Programas\MyWebSearch\bar\9.bin\M3IMPIPE.EXE
C:\Programas\MyWebSearch\bar\9.bin\M3MSG.DLL
C:\Programas\MyWebSearch\bar\9.bin\M3NTSTBR.JAR
C:\Programas\MyWebSearch\bar\9.bin\M3NTSTBR.MANIFEST
C:\Programas\MyWebSearch\bar\9.bin\M3OUTLCN.DLL
C:\Programas\MyWebSearch\bar\9.bin\M3PLUGIN.DLL
C:\Programas\MyWebSearch\bar\9.bin\M3SKIN.DLL
C:\Programas\MyWebSearch\bar\9.bin\M3SKPLAY.EXE
C:\Programas\MyWebSearch\bar\9.bin\M3SLSRCH.EXE
C:\Programas\MyWebSearch\bar\9.bin\M3SRCHMN.EXE
C:\Programas\MyWebSearch\bar\9.bin\MWSBAR.DLL
C:\Programas\MyWebSearch\bar\9.bin\MWSOEMON.EXE
C:\Programas\MyWebSearch\bar\9.bin\MWSOEPLG.DLL
C:\Programas\MyWebSearch\bar\9.bin\MWSOESTB.DLL
C:\Programas\MyWebSearch\bar\9.bin\NPMYWEBS.DLL
C:\Programas\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Programas\MyWebSearch\bar\Cache\000AFF9C
C:\Programas\MyWebSearch\bar\Cache\000B071E
C:\Programas\MyWebSearch\bar\Cache\000B0A5A.bin
C:\Programas\MyWebSearch\bar\Cache\000B0C6E.bin
C:\Programas\MyWebSearch\bar\Cache\000B0E42.bin
C:\Programas\MyWebSearch\bar\Cache\000B1036.bin
C:\Programas\MyWebSearch\bar\Cache\files.ini
C:\Programas\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Programas\MyWebSearch\bar\Game\CHESS.F3S
C:\Programas\MyWebSearch\bar\Game\REVERSI.F3S
C:\Programas\MyWebSearch\bar\History\search2
C:\Programas\MyWebSearch\bar\icons\CM.ICO
C:\Programas\MyWebSearch\bar\icons\MFC.ICO
C:\Programas\MyWebSearch\bar\icons\PSS.ICO
C:\Programas\MyWebSearch\bar\icons\SMILEY.ICO
C:\Programas\MyWebSearch\bar\icons\WB.ICO
C:\Programas\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Programas\MyWebSearch\bar\Message\COMMON.F3S
C:\Programas\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Programas\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Programas\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Programas\MyWebSearch\bar\Message\COMMON\center.htm
C:\Programas\MyWebSearch\bar\Message\COMMON\index.htm
C:\Programas\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Programas\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Programas\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Programas\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Programas\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Programas\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Programas\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Programas\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Programas\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Programas\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Programas\MyWebSearch\bar\Notifier\DOG.F3S
C:\Programas\MyWebSearch\bar\Notifier\FISH.F3S
C:\Programas\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Programas\MyWebSearch\bar\Notifier\MAID.F3S
C:\Programas\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Programas\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Programas\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Programas\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Programas\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Programas\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Programas\MyWebSearch\bar\Settings\s_pid.dat
C:\Programas\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\AHOYxGgh.ini
C:\WINDOWS\system32\ajmpoqhx.ini
C:\WINDOWS\system32\bjsheblx.ini
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbdll.old
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\dfpealfx.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\dsygvc.dll
C:\WINDOWS\system32\egghuwrd.ini
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\hsnimvxs.ini
C:\WINDOWS\system32\itcmbfkc.ini
C:\WINDOWS\system32\lbtnsoeg.ini
C:\WINDOWS\system32\LRCeefii.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\phc1jtj0ep8v.bmp
C:\WINDOWS\system32\pkkrwpdu.ini
C:\WINDOWS\system32\Srrsvyxx.ini
C:\WINDOWS\system32\Srrsvyxx.ini2
C:\WINDOWS\system32\tuqsjekq.ini
C:\WINDOWS\system32\vtUMfCSj.dll
C:\WINDOWS\system32\wbqiwsky.ini
C:\WINDOWS\system32\xxyvsrrS.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((( Ficheiros criados de 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))))
.

2008-07-27 19:39 . 2008-07-27 19:39 95,360 --a------ C:\WINDOWS\system32\xlbehsjb.dll
2008-07-27 19:27 . 2008-07-27 19:27 <DIR> d-------- C:\_OTMoveIt
2008-07-27 18:27 . 2008-07-27 18:27 <DIR> d-------- C:\Deckard
2008-07-26 15:59 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-25 00:25 . 2008-07-25 00:25 <DIR> d-------- C:\Programas\Monopoly
2008-07-25 00:13 . 2008-07-25 00:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-23 20:30 . 2004-08-04 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-23 19:23 . 2008-07-23 19:23 <DIR> d-------- C:\Programas\GameHouse
2008-07-23 19:23 . 2008-07-23 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-07-23 19:06 . 2008-07-23 19:07 <DIR> d-------- C:\Programas\Chessmaster Challenge
2008-07-23 18:57 . 2008-07-23 19:02 <DIR> d-------- C:\Programas\War Chess
2008-07-09 19:40 . 2008-07-09 19:40 <DIR> d-------- C:\Documents and Settings\Highscreen\Application Data\NCH Software
2008-07-09 19:38 . 2008-07-09 19:38 <DIR> d-------- C:\Documents and Settings\Highscreen\Application Data\Program Files
2008-07-09 19:38 . 2008-07-09 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-04 14:25 . 2008-07-04 14:25 <DIR> d-------- C:\Programas\Acoustica Mixcraft 4
2008-07-04 14:22 . 2008-07-04 14:22 34,308 --a------ C:\WINDOWS\system32\Chip.dll
2008-07-04 14:22 . 2008-07-04 14:22 22,004 --a------ C:\WINDOWS\system32\Pvt.tmp
2008-07-04 00:41 . 2008-07-04 00:45 <DIR> d-------- C:\Programas\Acoustica Mixcraft

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 19:28 --------- d-----w C:\Programas\Acoustica Shared Effects
2008-07-27 12:45 --------- d-----w C:\Programas\McAfee
2008-07-26 20:52 --------- d-----w C:\Programas\NCH Swift Sound
2008-07-26 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-26 19:25 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-18 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-09 22:27 --------- d-----w C:\Documents and Settings\Highscreen\Application Data\OpenOffice.org2
2008-07-08 19:52 --------- d-----w C:\Documents and Settings\Highscreen\Application Data\LimeWire
2008-07-04 13:28 --------- d-----w C:\Programas\Acoustica Mixcraft 3
2008-06-21 14:00 --------- d-----w C:\Documents and Settings\Highscreen\Application Data\Apple Computer
2008-06-21 09:27 --------- d-----w C:\Programas\Windows Live
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 19:08 --------- d-----w C:\Documents and Settings\Highscreen\Application Data\Skype
2008-06-13 18:08 --------- d-----w C:\Documents and Settings\Highscreen\Application Data\skypePM
2008-06-13 15:27 --------- d-----w C:\Programas\LimeWire
2008-06-12 13:19 --------- d-----w C:\Programas\Ares
2008-06-12 13:14 --------- d-----w C:\Programas\Thirdone
2008-06-12 13:14 --------- d-----w C:\Programas\Messenger Plus! Live
2008-06-12 13:14 --------- d-----w C:\Programas\Circle Developement
2008-06-08 22:22 --------- d-----w C:\Programas\Skype
2008-06-08 22:22 --------- d-----w C:\Programas\Ficheiros comuns\Skype
2008-06-08 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-08 15:55 --------- d-----w C:\Programas\Picasa2
2008-06-05 19:20 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2008-06-02 19:20 --------- d-----w C:\Programas\Paint.NET
2008-05-31 19:37 --------- d-----w C:\Programas\Apple Software Update
2008-05-31 14:31 --------- d-----w C:\Programas\iTunes
2008-05-31 14:30 --------- d-----w C:\Programas\iPod
2008-05-31 14:28 --------- d-----w C:\Programas\QuickTime
2008-02-23 11:13 88 --sh--r C:\Documents and Settings\All Users\Application Data\36F7743EB6.sys
2008-02-23 11:13 2,828 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
.

------- Sigcheck -------

2007-07-05 16:51 505344 410f13a4657b9c1f096b474e4031c293 C:\WINDOWS\system32\winlogon.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4A9D-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2007-07-02 23:17 2274608 --a------ C:\Programas\Mozy\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2007-07-02 23:17 2274608 --a------ C:\Programas\Mozy\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"LogitechSoftwareUpdate"="C:\Programas\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"DataLayer"="C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"PCSuiteTrayApplication"="C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Programas\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Programas\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"mcagent_exe"="C:\Programas\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"NSLauncher"="C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"sclauncher"="C:\Programas\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 11:43 94208]
"NeroFilterCheck"="C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"QuickTime Task"="C:\Programas\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"7c7c398e"="C:\WINDOWS\system32\xlbehsjb.dll" [2008-07-27 19:39 95360]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 22:12 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\Highscreen\Menu Iniciar\Programas\Arranque\
OpenOffice.org 2.2.lnk - C:\Programas\OpenOffice.org 2.2\program\quickstart.exe [2007-05-12 18:48:20 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programas\\LimeWire\\LimeWire.exe"=
"C:\\Programas\\uTorrent\\uTorrent.exe"=
"C:\\Programas\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Programas\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programas\\Ficheiros comuns\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Programas\\iTunes\\iTunes.exe"=
"C:\\Programas\\Skype\\Phone\\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R1 mozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys [2007-07-02 23:17]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 12:15]
S3 USBSTOR;Controlador de armazenamento de massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Conteúdo da pasta 'Tarefas Agendadas'

2008-07-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-05-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2007-12-23 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORFAOS REMOVIDOS - - - -

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
BHO-{7C97D7A4-786F-480E-8B12-697A3F8D7A13} - C:\WINDOWS\system32\iifeeCRL.dll
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
HKLM-Run-flag loud mp3 bore - C:\Documents and Settings\All Users\Application Data\Phone store flag loud\Anti proc.exe


.
------- Ccan Suplementar -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Windows Live Search - C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 -: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Translate with &Babylon - C:\Programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O16 -: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} - hxxp://www.ksolo.com/playerBase/kSoloIEHDSD.cab
C:\WINDOWS\Downloaded Program Files\kSoloClientIE.inf
C:\WINDOWS\system32\lame_enc.dll
C:\WINDOWS\Downloaded Program Files\kSoloClientIE.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 22:45:58
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...


C:\WINDOWS\system32\bjsheblx.ini 294 bytes

Varredura completada com sucesso
Ficheiros ocultos: 1

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSOS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\xlbehsjb.dll
-> C:\Programas\Mozy\mozyshell.dll
.
------------------------ Outros Processos em Execução ------------------------
.
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\FICHEI~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FICHEI~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Programas\Mozy\mozybackup.exe
C:\Programas\McAfee\MPF\MpfSrv.exe
C:\Programas\McAfee\MSK\msksrver.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programas\Mozy\mozybackup.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Logitech\Video\FxSvr2.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-07-27 23:02:39 - Maquina reiniciou
ComboFix-quarantined-files.txt 2008-07-27 22:02:34

Pre-Run: 6,631,714,816 bytes livres
Post-Run: 6,988,304,384 bytes livres

356 --- E O F --- 2008-07-18 12:42:52

New Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:13, on 27-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programas\Mozy\mozybackup.exe
C:\Programas\McAfee\MPF\MPFSrv.exe
C:\Programas\McAfee\MSK\MskSrver.exe
C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Mozy\mozybackup.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Logitech\Video\LogiTray.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\SimpleCenter\bin\win\sclauncher.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\Programas\QuickTime\QTTask.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Proprietário\Ambiente de trabalho\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programas\Ficheiros comuns\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NSLauncher] C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [sclauncher] C:\Programas\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [7c7c398e] rundll32.exe "C:\WINDOWS\system32\xlbehsjb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programas\Logitech\Video\ManifestEngine.exe boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Programas\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183658465531
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com...kSoloIEHDSD.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programas\Ares\chatServer.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHEI~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Programas\Mozy\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programas\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programas\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programas\Ficheiros comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10698 bytes
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\xlbehsjb.dll

Rootkit::
C:\WINDOWS\system32\bjsheblx.ini

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
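The CFScript above names two items picked out by hand from the logs: the Run value 7c7c398e that loads C:\WINDOWS\system32\xlbehsjb.dll through rundll32.exe, and the hidden bjsheblx.ini that catchme reported. The ComboFix registry dump also shows Security Center notifications, McAfee monitoring and the Windows Firewall switched off, which hides the warnings the user would otherwise see. The Python below is an added example, not part of this thread and not code from HijackThis or ComboFix, showing how a defender can triage such logs automatically rather than by eye. The log lines it parses are constructed from the ones quoted in the thread; the extra Security Center value names FirewallDisableNotify and UpdatesDisableNotify are standard Windows XP SP2 values that do not appear in this log.

```python
import re

# Constructed sample in the shape of the HijackThis O4 lines quoted in the thread
# (a few of them, not the whole log).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [7c7c398e] rundll32.exe "C:\WINDOWS\system32\xlbehsjb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample in the shape of ComboFix's registry load-point dump.
SAMPLE_COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Eight hex characters with no meaning, like the "7c7c398e" value in the log.
RANDOM_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', re.I)

# Security Center values that, when set to 1, hide the "your protection is off"
# warnings (standard XP SP2 names; only the first and last appear in this log).
DISABLE_FLAGS = {'AntiVirusDisableNotify', 'FirewallDisableNotify',
                 'UpdatesDisableNotify', 'DisableMonitoring'}


def parse_o4(lines):
    """Return the O4 (Run key) entries as dicts with hive, name and cmd."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_run_entries(lines):
    """Flag Run entries whose value name is a random hex token or whose command
    loads a DLL through rundll32.exe. Returns (name, dll_or_cmd, reasons)."""
    flagged = []
    for e in parse_o4(lines):
        reasons = []
        if RANDOM_NAME_RE.match(e['name']):
            reasons.append('random-looking value name')
        m = RUNDLL_RE.search(e['cmd'])
        if m:
            reasons.append('DLL loaded via rundll32')
        if reasons:
            flagged.append((e['name'], m.group(1) if m else e['cmd'], reasons))
    return flagged


def reg_int(raw):
    """Parse the number in a value such as 'dword:00000001' or '0 (0x0)'."""
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    return int(raw.split()[0], 0)


def security_center_tampering(lines):
    """Return (key, value_name, value) for values that silence Security Center
    or turn the Windows Firewall off."""
    findings = []
    key = None
    for line in lines:
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"\s*=\s*(.+)$', line)
        if not m or key is None:
            continue
        name, raw = m.group(1), m.group(2).strip()
        try:
            val = reg_int(raw)
        except ValueError:
            continue
        if (name in DISABLE_FLAGS and val == 1) or (name == 'EnableFirewall' and val == 0):
            findings.append((key, name, val))
    return findings


def triage(hjt_text, combofix_reg_text):
    """Run both checks over raw log text and return a report dict."""
    return {
        'run_entries': suspicious_run_entries(hjt_text.splitlines()),
        'security_center': security_center_tampering(combofix_reg_text.splitlines()),
    }


if __name__ == '__main__':
    for section, hits in triage(SAMPLE_HJT, SAMPLE_COMBOFIX_REG).items():
        print(section)
        for hit in hits:
            print('  ', hit)
```

On the sample input only the 7c7c398e entry is flagged (for both reasons), and all three registry values are reported; the legitimate SoundMan, iTunesHelper and CTFMON entries pass. The rundll32 check matters because a DLL started that way has no process of its own to spot in the "Running processes" list, which is why the first log shows xlbehsjb.dll only under explorer.exe's loaded DLLs.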

#13
valent5

valent5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks for all your help, Rorschach.

My friend is familiar with the rest of the procedure so I won't bother you anymore.

Goodbye

and thanks again :)
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





