vx2.look2me



#1
nuno

Logfile of HijackThis v1.99.1
Scan saved at 17:08:12, on 27-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SYSTEM32\rundll32.exe
D:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\WINDOWS\system32\RunDll32.exe
C:\Programas\Winamp\winampa.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Programas\QuickTime\qttask.exe
D:\WINDOWS\system32\ezSP_Px.exe
D:\WINDOWS\system32\rmctrl.exe
D:\WINDOWS\system32\atiptaxx.exe
D:\Programas\SyncroSoft\Pos\H2O\cledx.exe
D:\Programas\Support.com\bin\tgcmd.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programas\Spyware Doctor\swdoctor.exe
D:\WINDOWS\system32\sistray.exe
C:\Programas\ProtectX\protectx.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Programas\Messenger\msmsgs.exe
D:\Programas\Trend Micro\Tmas\tmas.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programas\Microsoft Office\OFFICE11\WINWORD.EXE
D:\WINDOWS\System32\dllhost.exe
D:\Programas\Internet Explorer\iexplore.exe
D:\Documents and Settings\Carlinha\Ambiente de trabalho\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.publico.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Programas\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] D:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [RemoteControl] D:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [H2O] D:\Programas\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [hcenter] "D:\Programas\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: ProtectX Hacker Defence Suite.lnk = C:\Programas\ProtectX\protectx.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\Programas\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programas\Hello_Pictures on Blog\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programas\Hello_Pictures on Blog\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2A0DED63-24F3-4FD6-BEC4-58F8E1F0C205} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113316183655
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/...tz.cab37625.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WindowsUpdate - D:\WINDOWS\system32\ir02l5do1.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - D:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe


Can someone help me? tks


#2
tampabelle

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#3
nuno

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINDOWS\\system32\\ir02l5do1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilizadores
(ID-IO) ALLOW Read BUILTIN\Utilizadores
(ID-NI) ALLOW Read BUILTIN\Utilizadores avançados
(ID-IO) ALLOW Read BUILTIN\Utilizadores avançados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{57FD15E7-3F2B-437C-ADDF-CDC61E8E8795}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}"=""
"{5C244236-CCEC-41DF-89A5-D045D673185D}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}\InprocServer32]
@="D:\\WINDOWS\\system32\\iqnathlp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\InprocServer32]
@="D:\\WINDOWS\\system32\\mhxoci.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

D:\WINDOWS\SYSTEM32\
avsnds.dll Thu 20 Oct 2005 20:56:24 ..S.R 235.869 230,34 K
browseui.dll Sat 3 Sep 2005 1:06:10 A.... 1.020.416 996,50 K
cdfview.dll Sat 3 Sep 2005 1:06:10 A.... 151.552 148,00 K
cdosys.dll Sat 10 Sep 2005 2:55:02 A.... 2.067.968 1,97 M
cmdlin~1.dll Mon 17 Oct 2005 18:42:30 A.... 43.520 42,50 K
danim.dll Sat 3 Sep 2005 1:06:10 A.... 1.056.256 1,00 M
dnlo01~1.dll Thu 20 Oct 2005 13:51:40 ..S.R 236.165 230,63 K
dwvx_x~1.dll Thu 20 Oct 2005 22:16:22 ..S.R 234.460 228,96 K
dxtrans.dll Sat 3 Sep 2005 1:06:10 A.... 205.312 200,50 K
extmgr.dll Sat 3 Sep 2005 1:06:10 ..... 55.808 54,50 K
i424le~1.dll Wed 19 Oct 2005 14:32:16 ..S.R 235.696 230,17 K
iepeers.dll Sat 3 Sep 2005 1:06:10 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 1:06:10 A.... 96.768 94,50 K
iqnathlp.dll Thu 27 Oct 2005 11:22:50 ..S.R 235.047 229,54 K
ir02l5~1.dll Wed 26 Oct 2005 18:31:08 ..S.R 235.047 229,54 K
k080la~1.dll Thu 20 Oct 2005 21:45:36 ..S.R 235.464 229,95 K
kgdsw.dll Thu 20 Oct 2005 21:33:32 ..... 235.463 229,94 K
krdcan.dll Thu 20 Oct 2005 20:58:58 ..... 237.278 231,71 K
linkinfo.dll Thu 1 Sep 2005 2:43:34 A.... 19.968 19,50 K
mhxoci.dll Thu 20 Oct 2005 21:50:04 ..S.R 234.384 228,89 K
mqxml3a.dll Thu 20 Oct 2005 21:35:06 ..S.R 233.960 228,48 K
mshtml.dll Tue 4 Oct 2005 17:26:04 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 1:06:10 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 1:06:10 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 1:06:10 A.... 530.432 518,00 K
mtisam11.dll Thu 20 Oct 2005 21:00:32 ..S.R 233.960 228,48 K
n0p4la~1.dll Thu 27 Oct 2005 3:37:08 ..S.R 233.842 228,36 K
netman.dll Mon 22 Aug 2005 19:34:58 A.... 197.632 193,00 K
nwwks.dll Thu 11 Aug 2005 16:11:20 A.... 65.024 63,50 K
pngfilt.dll Sat 3 Sep 2005 1:06:10 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 4:54:28 A.... 1.293.824 1,23 M
shdocvw.dll Sat 3 Sep 2005 1:06:10 A.... 1.483.776 1,41 M
shell32.dll Fri 23 Sep 2005 4:06:56 A.... 8.491.520 8,10 M
shlwapi.dll Sat 3 Sep 2005 1:06:10 A.... 474.112 463,00 K
sirenacm.dll Mon 19 Sep 2005 7:00:34 A.... 119.856 117,05 K
umpnpmgr.dll Tue 23 Aug 2005 4:39:04 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 1:06:12 A.... 605.184 591,00 K
wininet.dll Sat 3 Sep 2005 1:06:12 A.... 661.504 646,00 K
winsrv.dll Thu 1 Sep 2005 2:43:34 A.... 292.352 285,50 K

39 items found: 39 files (11 H/S), 0 directories.
Total of file sizes: 26.012.715 bytes 24,80 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
O volume na unidade D não tem nome
O número de série do volume é 2443-2AC7

Directório de D:\WINDOWS\System32

27-10-2005 11:22 235.047 iqnathlp.dll
27-10-2005 03:37 233.842 n0p4la7q1d.dll
27-10-2005 01:50 10.380 KGyGaAvL.sys
26-10-2005 18:31 235.047 ir02l5do1.dll
20-10-2005 22:16 234.460 dwvx_xx07.dll
20-10-2005 21:50 234.384 mhxoci.dll
20-10-2005 21:45 235.464 k080lalm1dqa.dll
20-10-2005 21:35 233.960 mqxml3a.dll
20-10-2005 21:00 233.960 mtisam11.dll
20-10-2005 20:56 235.869 avsnds.dll
20-10-2005 15:21 <DIR> dllcache
20-10-2005 13:51 236.165 dnlo0133e.dll
19-10-2005 14:32 235.696 i424lefq1h2e.dll
03-06-2005 00:36 56 E7452468E4.sys
23-04-2005 16:56 <DIR> Microsoft
13 ficheiro(s) 2.594.330 bytes
2 Dir(s) 6.453.571.584 bytes livres

#4
tampabelle

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
  • 0

#5
nuno


    New Member

  • Topic Starter
  • Member
  • 6 posts
I did what you said, but no log of l2mfix appears on the reboot... here's the log of hijack after the reboot.


Logfile of HijackThis v1.99.1
Scan saved at 19:23:10, on 27-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\WINDOWS\system32\rundll32.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\WINDOWS\system32\RunDll32.exe
C:\Programas\Winamp\winampa.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Programas\QuickTime\qttask.exe
D:\WINDOWS\system32\ezSP_Px.exe
D:\WINDOWS\system32\rmctrl.exe
D:\WINDOWS\system32\atiptaxx.exe
D:\Programas\SyncroSoft\Pos\H2O\cledx.exe
D:\Programas\Support.com\bin\tgcmd.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programas\Spyware Doctor\swdoctor.exe
C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Programas\Trend Micro\Tmas\Tmas.exe
D:\WINDOWS\system32\sistray.exe
C:\Programas\ProtectX\protectx.exe
D:\Programas\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programas\Internet Explorer\iexplore.exe
D:\Documents and Settings\Carlinha\Ambiente de trabalho\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.publico.pt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Programas\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Programas\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] D:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [RemoteControl] D:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [H2O] D:\Programas\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [hcenter] "D:\Programas\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: ProtectX Hacker Defence Suite.lnk = C:\Programas\ProtectX\protectx.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\Programas\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programas\Hello_Pictures on Blog\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programas\Hello_Pictures on Blog\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2A0DED63-24F3-4FD6-BEC4-58F8E1F0C205} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113316183655
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/...tz.cab37625.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - D:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - D:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Programas\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Programas\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
  • 0

#6
tampabelle


    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

Can you run l2mfix again, do Option #1, and post the log generated again, please?
  • 0

#7
nuno


    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi,

After I did option 2 in l2mfix like you told me, I ran CWShredder and the program doesn't identify the l2m anymore, but the problem of the pop-ups remains...

Thanks for the help...



L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administradores
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilizadores
(ID-IO) ALLOW Read BUILTIN\Utilizadores
(ID-NI) ALLOW Read BUILTIN\Utilizadores avan‡ados
(ID-IO) ALLOW Read BUILTIN\Utilizadores avan‡ados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{57FD15E7-3F2B-437C-ADDF-CDC61E8E8795}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Folha de propriedades de ficheiros multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestor de scanner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="P gina de seguran‡a de NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="P gina de propriedades OLE DOCFIlE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensäes da shell para partilha"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Apresentar extensÆo de adaptador CPL"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Apresentar extensÆo de monitor CPL"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Apresentar extensÆo de panorƒmica CPL"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="P gina de seguran‡a de DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="P gina de compatibilidade"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Rotina de tratamento de dados de fragmentos da shell"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="ExtensÆo da c¢pia de discos"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensäes da shell para objectos de rede Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="GestÆo de monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="GestÆo de impressora ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensäes da shell para compressÆo de ficheiros"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="ExtensÆo da shell de impressora na Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu de contexto de encripta‡Æo"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porta-documentos"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="ExtensÆo de ¡cone HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Tipos de letra"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Perfil de ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="P gina de seguran‡a de impressoras"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensäes da shell para partilha"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="ExtensÆo PKO cripto"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="ExtensÆo de sinal cripto"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Liga‡äes de rede"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Liga‡äes de rede"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners e cƒmaras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners e cƒmaras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners e cƒmaras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners e cƒmaras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners e cƒmaras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensäes da shell para script anfitriÆo do Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tarefas agendadas"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra de tarefas e menu 'Iniciar'"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Procurar"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ajuda e suporte"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ajuda e suporte"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Executar..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Correio electr¢nico"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Tipos de letra"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Ferramentas administrativas"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra de ferramentas da Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Estado da transferˆncia"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Pasta 'Shell' aumentada"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Pasta 'Shell' 2 aumentada"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Banda de pesquisa"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Banda de multim‚dia"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Pesquisa no painel"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Pesquisa na Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilit rio de op‡äes da  rvore de registo"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Endere‡o"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Caixa de edi‡Æo de endere‡o"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Preenchimento autom tico da Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista de preenchimento autom tico MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Personalizar lista de preenchimento autom tico MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Acess¡vel"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barra pendente de rastreio"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analisador da barra de endere‡os"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista de preenchimento autom tico do hist¢rico da Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista de conclusÆo autom tica da pasta Shell da Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contentor da lista de conclusÆo autom tica m£ltipla da Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistˆncia ao utilizador"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Defini‡äes de pasta global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Hist¢rico"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="A Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Pasta cache de ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Pasta de subscri‡äes"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestor de aplica‡äes da shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerador de aplica‡äes instaladas"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Fabricante da aplica‡Æo Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extractor de imagens miniatura de ficheiros GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Rotina de tratamento de miniaturas de informa‡äes de resumo (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Programa de extrac‡Æo de miniaturas de HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistente de coloca‡Æo na Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Encomendar c¢pias atrav‚s da Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objecto do assistente de publica‡Æo da Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistente para obter passaporte"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Contas de utilizadores"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Ficheiro de canal"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Atalho para canal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objecto rotina de tratamento de canais"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Pasta 'Ficheiros offline'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Pessoas..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{65756541-C65C-11CD-0000-4B656E696100}"="Panda Antivirus"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.04 Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.04 DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.04 Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.04 Property Sheet Shell Extension"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Pastas Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"="AutoCAD Digital Signatures Icon Overlay Handler"
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}"="Autodesk Drawing Preview"
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"
"{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
"{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}"=""
"{5C244236-CCEC-41DF-89A5-D045D673185D}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}\InprocServer32]
@="D:\\WINDOWS\\system32\\iqnathlp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\InprocServer32]
@="D:\\WINDOWS\\system32\\mhxoci.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

D:\WINDOWS\SYSTEM32\
avsnds.dll Thu 20 Oct 2005 20:56:24 ..S.R 235.869 230,34 K
browseui.dll Sat 3 Sep 2005 1:06:10 A.... 1.020.416 996,50 K
ccetcfg.dll Thu 27 Oct 2005 23:18:20 ..S.R 235.047 229,54 K
cdfview.dll Sat 3 Sep 2005 1:06:10 A.... 151.552 148,00 K
cdosys.dll Sat 10 Sep 2005 2:55:02 A.... 2.067.968 1,97 M
cmdlin~1.dll Mon 17 Oct 2005 18:42:30 A.... 43.520 42,50 K
danim.dll Sat 3 Sep 2005 1:06:10 A.... 1.056.256 1,00 M
dnlo01~1.dll Thu 20 Oct 2005 13:51:40 ..S.R 236.165 230,63 K
dwvx_x~1.dll Thu 20 Oct 2005 22:16:22 ..S.R 234.460 228,96 K
dxtrans.dll Sat 3 Sep 2005 1:06:10 A.... 205.312 200,50 K
extmgr.dll Sat 3 Sep 2005 1:06:10 ..... 55.808 54,50 K
i424le~1.dll Wed 19 Oct 2005 14:32:16 ..S.R 235.696 230,17 K
iepeers.dll Sat 3 Sep 2005 1:06:10 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 1:06:10 A.... 96.768 94,50 K
iqnathlp.dll Thu 27 Oct 2005 11:22:50 ..S.R 235.047 229,54 K
k080la~1.dll Thu 20 Oct 2005 21:45:36 ..S.R 235.464 229,95 K
kgdsw.dll Thu 20 Oct 2005 21:33:32 ..... 235.463 229,94 K
krdcan.dll Thu 20 Oct 2005 20:58:58 ..... 237.278 231,71 K
linkinfo.dll Thu 1 Sep 2005 2:43:34 A.... 19.968 19,50 K
mhxoci.dll Thu 20 Oct 2005 21:50:04 ..S.R 234.384 228,89 K
mqxml3a.dll Thu 20 Oct 2005 21:35:06 ..S.R 233.960 228,48 K
mshtml.dll Tue 4 Oct 2005 17:26:04 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 1:06:10 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 1:06:10 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 1:06:10 A.... 530.432 518,00 K
mtisam11.dll Thu 20 Oct 2005 21:00:32 ..S.R 233.960 228,48 K
n0p4la~1.dll Thu 27 Oct 2005 3:37:08 ..S.R 233.842 228,36 K
netman.dll Mon 22 Aug 2005 19:34:58 A.... 197.632 193,00 K
nwwks.dll Thu 11 Aug 2005 16:11:20 A.... 65.024 63,50 K
pngfilt.dll Sat 3 Sep 2005 1:06:10 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 4:54:28 A.... 1.293.824 1,23 M
shdocvw.dll Sat 3 Sep 2005 1:06:10 A.... 1.483.776 1,41 M
shell32.dll Fri 23 Sep 2005 4:06:56 A.... 8.491.520 8,10 M
shlwapi.dll Sat 3 Sep 2005 1:06:10 A.... 474.112 463,00 K
sirenacm.dll Mon 19 Sep 2005 7:00:34 A.... 119.856 117,05 K
umpnpmgr.dll Tue 23 Aug 2005 4:39:04 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 1:06:12 A.... 605.184 591,00 K
wininet.dll Sat 3 Sep 2005 1:06:12 A.... 661.504 646,00 K
winsrv.dll Thu 1 Sep 2005 2:43:34 A.... 292.352 285,50 K

39 items found: 39 files (11 H/S), 0 directories.
Total of file sizes: 26.012.715 bytes 24,80 M
Locate .tmp files:

D:\WINDOWS\SYSTEM32\
guard.tmp Thu 27 Oct 2005 19:18:52 ..S.R 235.047 229,54 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 235.047 bytes 229,54 K
**********************************************************************************
Directory Listing of system files:
O volume na unidade D nÆo tem nome
O n£mero de s‚rie do volume ‚ 2443-2AC7

Direct¢rio de D:\WINDOWS\System32

27-10-2005 23:18 235.047 ccetcfg.dll
27-10-2005 19:18 235.047 guard.tmp
27-10-2005 11:22 235.047 iqnathlp.dll
27-10-2005 03:37 233.842 n0p4la7q1d.dll
27-10-2005 01:50 10.380 KGyGaAvL.sys
20-10-2005 22:16 234.460 dwvx_xx07.dll
20-10-2005 21:50 234.384 mhxoci.dll
20-10-2005 21:45 235.464 k080lalm1dqa.dll
20-10-2005 21:35 233.960 mqxml3a.dll
20-10-2005 21:00 233.960 mtisam11.dll
20-10-2005 20:56 235.869 avsnds.dll
20-10-2005 15:21 <DIR> dllcache
20-10-2005 13:51 236.165 dnlo0133e.dll
19-10-2005 14:32 235.696 i424lefq1h2e.dll
03-06-2005 00:36 56 E7452468E4.sys
23-04-2005 16:56 <DIR> Microsoft
14 ficheiro(s) 2.829.377 bytes
2 Dir(s) 6.406.414.336 bytes livres
  • 0

#8
tampabelle


    Member 5k

  • Retired Staff
  • 6,363 posts
Please download WebRoot SpySweeper from here:
http://www.webroot.c...6d6f87b866d2848
(It's a 2 week trial)

Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers".
On the next page, click the "Free Trial" button.
Download it and install it.
When you open the program, it will prompt you to update to the latest definitions.
Please do so, then click "Sweep Now"
Then click the "Start" button.
When it's done scanning, click the "Next" button.
Remove everything it finds, then save the log - copy the log and paste it here for me.
  • 0

#9
tampabelle


    Member 5k

  • Retired Staff
  • 6,363 posts
After going through with the SpySweeper scan, please also post a fresh l2mfix option #1 log.
  • 0

#10
nuno


    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi,

I couldn't save the web Spy Sweeper log because the machine rebooted, but after that I think it's running smoothly. No more pop-ups till now. I think Spy Sweeper is blocking them.
Here's a log of l2mfix after the reboot...

Thanks for the help...


L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administradores
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilizadores
(ID-IO) ALLOW Read BUILTIN\Utilizadores
(ID-NI) ALLOW Read BUILTIN\Utilizadores avan‡ados
(ID-IO) ALLOW Read BUILTIN\Utilizadores avan‡ados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{57FD15E7-3F2B-437C-ADDF-CDC61E8E8795}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Folha de propriedades de ficheiros multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestor de scanner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="P gina de seguran‡a de NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="P gina de propriedades OLE DOCFIlE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensäes da shell para partilha"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Apresentar extensÆo de adaptador CPL"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Apresentar extensÆo de monitor CPL"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Apresentar extensÆo de panorƒmica CPL"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="P gina de seguran‡a de DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="P gina de compatibilidade"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Rotina de tratamento de dados de fragmentos da shell"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="ExtensÆo da c¢pia de discos"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensäes da shell para objectos de rede Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="GestÆo de monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="GestÆo de impressora ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensäes da shell para compressÆo de ficheiros"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="ExtensÆo da shell de impressora na Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu de contexto de encripta‡Æo"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porta-documentos"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="ExtensÆo de ¡cone HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Tipos de letra"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Perfil de ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="P gina de seguran‡a de impressoras"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensäes da shell para partilha"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="ExtensÆo PKO cripto"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="ExtensÆo de sinal cripto"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Liga‡äes de rede"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Liga‡äes de rede"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners e cƒmaras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners e cƒmaras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners e cƒmaras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners e cƒmaras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners e cƒmaras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensäes da shell para script anfitriÆo do Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tarefas agendadas"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra de tarefas e menu 'Iniciar'"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Procurar"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ajuda e suporte"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ajuda e suporte"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Executar..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Correio electr¢nico"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Tipos de letra"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Ferramentas administrativas"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra de ferramentas da Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Estado da transferˆncia"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Pasta 'Shell' aumentada"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Pasta 'Shell' 2 aumentada"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Banda de pesquisa"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Banda de multim‚dia"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Pesquisa no painel"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Pesquisa na Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilit rio de op‡äes da  rvore de registo"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Endere‡o"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Caixa de edi‡Æo de endere‡o"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Preenchimento autom tico da Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista de preenchimento autom tico MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Personalizar lista de preenchimento autom tico MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Acess¡vel"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barra pendente de rastreio"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analisador da barra de endere‡os"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista de preenchimento autom tico do hist¢rico da Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista de conclusÆo autom tica da pasta Shell da Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contentor da lista de conclusÆo autom tica m£ltipla da Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistˆncia ao utilizador"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Defini‡äes de pasta global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Hist¢rico"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="A Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Pasta cache de ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Pasta de subscri‡äes"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestor de aplica‡äes da shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerador de aplica‡äes instaladas"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Fabricante da aplica‡Æo Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extractor de imagens miniatura de ficheiros GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Rotina de tratamento de miniaturas de informa‡äes de resumo (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Programa de extrac‡Æo de miniaturas de HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistente de coloca‡Æo na Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Encomendar c¢pias atrav‚s da Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objecto do assistente de publica‡Æo da Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistente para obter passaporte"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Contas de utilizadores"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Ficheiro de canal"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Atalho para canal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objecto rotina de tratamento de canais"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Pasta 'Ficheiros offline'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Pessoas..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{65756541-C65C-11CD-0000-4B656E696100}"="Panda Antivirus"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.04 Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.04 DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.04 Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.04 Property Sheet Shell Extension"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Pastas Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"="AutoCAD Digital Signatures Icon Overlay Handler"
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}"="Autodesk Drawing Preview"
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"
"{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
"{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}"=""
"{5C244236-CCEC-41DF-89A5-D045D673185D}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\InprocServer32]
@="D:\\WINDOWS\\system32\\mhxoci.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

D:\WINDOWS\SYSTEM32\
avsnds.dll Thu 20 Oct 2005 20:56:24 ..... 235.869 230,34 K
browseui.dll Sat 3 Sep 2005 1:06:10 A.... 1.020.416 996,50 K
cdfview.dll Sat 3 Sep 2005 1:06:10 A.... 151.552 148,00 K
cdosys.dll Sat 10 Sep 2005 2:55:02 A.... 2.067.968 1,97 M
cmdlin~1.dll Mon 17 Oct 2005 18:42:30 A.... 43.520 42,50 K
danim.dll Sat 3 Sep 2005 1:06:10 A.... 1.056.256 1,00 M
dnlo01~1.dll Thu 20 Oct 2005 13:51:40 ..... 236.165 230,63 K
dwvx_x~1.dll Thu 20 Oct 2005 22:16:22 ..... 234.460 228,96 K
dxtrans.dll Sat 3 Sep 2005 1:06:10 A.... 205.312 200,50 K
extmgr.dll Sat 3 Sep 2005 1:06:10 ..... 55.808 54,50 K
i424le~1.dll Wed 19 Oct 2005 14:32:16 ..... 235.696 230,17 K
iepeers.dll Sat 3 Sep 2005 1:06:10 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 1:06:10 A.... 96.768 94,50 K
islzma.dll Fri 21 Oct 2005 15:50:14 A.... 102.912 100,50 K
k080la~1.dll Thu 20 Oct 2005 21:45:36 ..... 235.464 229,95 K
kgdsw.dll Thu 20 Oct 2005 21:33:32 ..... 235.463 229,94 K
krdcan.dll Thu 20 Oct 2005 20:58:58 ..... 237.278 231,71 K
kwdno.dll Fri 28 Oct 2005 14:27:58 A.... 56 0,05 K
linkinfo.dll Thu 1 Sep 2005 2:43:34 A.... 19.968 19,50 K
mhxoci.dll Thu 20 Oct 2005 21:50:04 ..... 234.384 228,89 K
mqxml3a.dll Fri 28 Oct 2005 14:28:46 A.... 56 0,05 K
mshtml.dll Tue 4 Oct 2005 17:26:04 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 1:06:10 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 1:06:10 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 1:06:10 A.... 530.432 518,00 K
mtisam11.dll Fri 28 Oct 2005 14:29:14 A.... 56 0,05 K
n0p4la~1.dll Fri 28 Oct 2005 14:29:24 A.... 56 0,05 K
netman.dll Mon 22 Aug 2005 19:34:58 A.... 197.632 193,00 K
nwwks.dll Thu 11 Aug 2005 16:11:20 A.... 65.024 63,50 K
pngfilt.dll Sat 3 Sep 2005 1:06:10 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 4:54:28 A.... 1.293.824 1,23 M
shdocvw.dll Sat 3 Sep 2005 1:06:10 A.... 1.483.776 1,41 M
shell32.dll Fri 23 Sep 2005 4:06:56 A.... 8.491.520 8,10 M
shlwapi.dll Sat 3 Sep 2005 1:06:10 A.... 474.112 463,00 K
sirenacm.dll Mon 19 Sep 2005 7:00:34 A.... 119.856 117,05 K
umpnpmgr.dll Tue 23 Aug 2005 4:39:04 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 1:06:12 A.... 605.184 591,00 K
wininet.dll Sat 3 Sep 2005 1:06:12 A.... 661.504 646,00 K
winsrv.dll Thu 1 Sep 2005 2:43:34 A.... 292.352 285,50 K
wrlogo~1.dll Mon 24 Oct 2005 12:20:36 A.... 492.544 481,00 K
wrlzma.dll Mon 24 Oct 2005 12:20:32 A.... 17.920 17,50 K

41 items found: 41 files, 0 directories.
Total of file sizes: 25.454.459 bytes 24,27 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
O volume na unidade D nÆo tem nome
O n£mero de s‚rie do volume ‚ 2443-2AC7

Direct¢rio de D:\WINDOWS\System32

27-10-2005 01:50 10.380 KGyGaAvL.sys
20-10-2005 15:21 <DIR> dllcache
03-06-2005 00:36 56 E7452468E4.sys
23-04-2005 16:56 <DIR> Microsoft
2 ficheiro(s) 10.436 bytes
2 Dir(s) 6.264.885.248 bytes livres
  • 0

#11
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

We still need to do some work !!! You still have the infection on your PC. Unfortunately, the SpySweeper you have installed is a trial product and the trial period will expire shortly. SpySweeper has fixed some of the bad files but not all of them.


Click Here to download TheKillbox. Extract TheKillBox.exe from the zip file.

Copy the part in bold below into notepad and save it as fix.reg
Save as type:All files (The first line in the file should be REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}"=-
"{5C244236-CCEC-41DF-89A5-D045D673185D}"=-

[-HKEY_CLASSES_ROOT\CLSID\{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}]

[-HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}]


Reboot the PC in Safe Mode.

Run Killbox. In the 'Enter Full Path and Filename to Delete' box, copy and paste these entries one by one, clicking the button that has the red circle with a white X in it, after each one:

D:\WINDOWS\SYSTEM32\avsnds.dll
D:\WINDOWS\SYSTEM32\gurad.tmp
D:\WINDOWS\SYSTEM32\dnlo01~1.dll
D:\WINDOWS\SYSTEM32\dwvx_x~1.dll
D:\WINDOWS\SYSTEM32\i424le~1.dll
D:\WINDOWS\SYSTEM32\k080la~1.dll
D:\WINDOWS\SYSTEM32\kgdsw.dll
D:\WINDOWS\SYSTEM32\krdcan.dll
D:\WINDOWS\SYSTEM32\mhxoci.dll
D:\WINDOWS\SYSTEM32\mqxml3a.dll
D:\WINDOWS\SYSTEM32\mtisam11.dll
D:\WINDOWS\SYSTEM32\n0p4la~1.dll


Click 'Exit' when done.

If the program says that the file was not found, then try the option Delete on Reboot and then click on the X button.

Note: If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run: http://www.javacools...ngfilesetup.exe. Then try TheKillbox again.


Double click on fix.reg and let the file merge with your registry.

Run a full scan with SpySweeper again.

Reboot the PC in Normal Mode.

Post a fresh l2mfix option #1 log please.

Edited by tampabelle, 29 October 2005 - 04:22 PM.

  • 0
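Added example (not part of the thread and not l2mfix's own code): a small Python parser for the registry-export sections of the log in post #10. It decodes the hex(2) DllName values under Winlogon\Notify and lists the Shell Extensions\Approved CLSIDs that have an empty description, together with the InprocServer32 DLL when the log contains it; these are the two CLSIDs that the fix.reg in post #11 removes. The sample text is a constructed excerpt using values from the log, and treating an empty description as a reason for review is an assumption.

```python
import re

# Constructed excerpt in the layout of the l2mfix log above (values copied from the thread).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{DDD2D54B-FB36-4F9D-9337-2AEF82F30E7F}"=""
"{5C244236-CCEC-41DF-89A5-D045D673185D}"=""

[HKEY_CLASSES_ROOT\CLSID\{5C244236-CCEC-41DF-89A5-D045D673185D}\InprocServer32]
@="D:\\WINDOWS\\system32\\mhxoci.dll"
"ThreadingModel"="Apartment"
'''

NOTIFY = r'hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify'
APPROVED = r'hkey_local_machine\software\microsoft\windows\currentversion\shell extensions\approved'
CLSID_ROOT = r'hkey_classes_root\clsid'


def decode_value(raw):
    """Decode one right-hand side of a 'Version 5.00' export line."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])      # unescape \\ and \"
    if raw.startswith('hex(2):'):                      # REG_EXPAND_SZ, UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le', errors='replace').rstrip('\x00')
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    return raw                                         # other types left as text


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for regedit-style text."""
    text = re.sub(r',\\\r?\n\s*', ',', text)           # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is not None and m:
            name = '@' if m.group(1) == '@' else m.group(1)[1:-1]
            current[name] = decode_value(m.group(2))
    return keys


def triage(keys):
    """Return (notify_dlls, unnamed_extensions) for manual review."""
    by_lower = {k.lower(): v for k, v in keys.items()}
    notify = {}
    for path, values in keys.items():
        if path.lower().startswith(NOTIFY + '\\'):
            # The log spells the value both "DllName" and "DLLName".
            dll = next((v for n, v in values.items() if n.lower() == 'dllname'), None)
            notify[path.rsplit('\\', 1)[1]] = dll
    unnamed = {}
    for clsid, desc in by_lower.get(APPROVED, {}).items():
        if desc == '':
            server = by_lower.get(f'{CLSID_ROOT}\\{clsid.lower()}\\inprocserver32', {})
            unnamed[clsid] = server.get('@')           # None if the log has no such key
    return notify, unnamed


if __name__ == '__main__':
    notify_dlls, unnamed_exts = triage(parse_reg(SAMPLE_LOG))
    for name, dll in notify_dlls.items():
        print(f'Notify\\{name}: {dll}')
    for clsid, dll in unnamed_exts.items():
        print(f'Approved entry with empty description {clsid}: {dll or "no InprocServer32 in log"}')
```
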
