> [Closed] Trojan-Spy.Win32.Banker.gka
Caderudo
post Jun 20 2009, 10:34 AM
Post #1


New Member

Group: Authentic Member
Posts: 6
Joined: 20-June 09
From: Brazil
Member No.: 86,345
Operating System: Windows Vista Home Premium



Dear friends,

I've just checked the topic "[Resolved] Bancos IPA alias Trojan-Spy.Win32.Banker.gka [Kaspersk" at http://forums.whatthetech.com/Bancos_IPA_alias_Trojan_Spy_Win32_Banker_gka_Kaspersk_t93875.html and I have the very same problem.

I've followed the proposed actions:

1. Cleared "Hide protected operating system files."
2. Downloaded and executed ATF Cleaner (Under Main choose: Select All / Clicked the Empty Selected button).
3. Downloaded and executed ComboFix (I did not have it on my PC, so I just downloaded it to the Desktop and double-clicked to execute it).

I noticed that a file "CFScript.txt" was created by LDTate, which was dragged onto combofix.exe.

Could you please generate the CFScript.txt for me? The combofix.txt content follows:

(I would like to thank you in advance for your help!!!)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ComboFix 09-06-19.01 - adriano 20/06/2009 12:56.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1046.18.3573.2121 [GMT -3:00]
Executando de: c:\users\adriano\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 208 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2869144217-1070373754-383600519-500
c:\$recycle.bin\S-1-5-21-2869144217-1070373754-383600519-500\desktop.ini
c:\users\adriano\AppData\Local\Temp\install_flash_player.exe

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))
.

2009-06-20 16:02 . 2009-06-20 16:02 -------- d-----w- c:\users\kelen\AppData\Local\temp
2009-06-20 16:02 . 2009-06-20 16:02 -------- d-----w- c:\users\flavia\AppData\Local\temp
2009-06-19 05:00 . 2008-12-11 11:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-19 05:00 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-19 05:00 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-19 04:59 . 2009-06-19 05:00 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-19 04:59 . 2008-12-10 14:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-19 04:59 . 2009-06-20 00:37 -------- d-----w- c:\program files\Spyware Doctor
2009-06-19 04:59 . 2009-06-19 04:59 -------- d-----w- c:\users\kelen\AppData\Roaming\PC Tools
2009-06-19 04:59 . 2009-06-19 04:59 -------- d-----w- c:\programdata\PC Tools
2009-06-19 04:45 . 2009-06-19 04:45 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE034.tmp.exe
2009-06-19 04:36 . 2009-06-19 05:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-19 04:36 . 2009-06-19 05:17 -------- d-----w- c:\program files\Norton Security Scan
2009-06-19 04:35 . 2009-06-19 04:57 -------- d-----w- c:\programdata\Google Updater
2009-06-19 04:08 . 2009-06-19 04:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-19 04:08 . 2009-06-19 04:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-19 03:48 . 2009-06-19 03:48 -------- d-----w- c:\users\kelen\AppData\Roaming\Roxio
2009-06-12 22:03 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 22:03 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-12 03:47 . 2009-06-12 03:47 -------- d-----w- c:\program files\UndeleteMyFiles
2009-06-11 01:30 . 2009-06-11 01:30 -------- d-----w- c:\users\kelen\AppData\Local\Mozilla
2009-06-11 00:36 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-05 03:17 . 2009-06-05 03:17 -------- d-----w- c:\program files\MSECache
2009-06-03 15:26 . 2009-06-03 15:26 24390976 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe
2009-06-03 15:26 . 2009-06-03 15:26 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-03 15:26 . 2009-06-03 15:26 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-03 15:26 . 2009-06-03 15:26 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-02 19:34 . 2009-06-18 17:19 -------- d-----w- c:\users\flavia\Tracing
2009-06-01 02:09 . 2009-06-01 02:09 262144 ----a-w- C:\ntuser.dat
2009-06-01 02:09 . 2009-06-01 02:09 -------- d-----w- c:\programdata\Yahoo!
2009-06-01 01:55 . 2009-06-01 01:55 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-01 01:55 . 2009-06-01 01:58 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-05-30 05:41 . 2009-05-30 05:41 -------- d-----w- c:\users\adriano\AppData\Local\Mozilla
2009-05-28 02:04 . 2009-05-28 02:04 -------- d-----w- c:\users\adriano\AppData\Roaming\Flickr
2009-05-28 02:04 . 2009-05-28 02:04 -------- d-----w- c:\users\adriano\AppData\Local\Flickr
2009-05-28 02:03 . 2009-05-28 02:03 -------- d-----w- c:\program files\Flickr Uploadr
2009-05-21 18:54 . 2009-06-06 05:19 -------- d-----w- c:\users\adriano\AppData\Local\WinZip
2009-05-21 18:53 . 2009-05-21 18:54 -------- d-----w- c:\programdata\WinZip

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 15:55 . 2009-02-18 01:05 -------- d-----w- c:\users\adriano\AppData\Roaming\DNA
2009-06-20 15:31 . 2008-01-21 05:26 634222 ----a-w- c:\windows\system32\prfh0416.dat
2009-06-20 15:31 . 2008-01-21 05:26 121888 ----a-w- c:\windows\system32\prfc0416.dat
2009-06-20 02:38 . 2008-12-19 15:46 1660 ----a-w- c:\windows\bthservsdp.dat
2009-06-16 01:50 . 2008-12-26 00:01 -------- d-----w- c:\users\adriano\AppData\Roaming\Skype
2009-06-16 01:38 . 2008-12-26 00:02 -------- d-----w- c:\users\adriano\AppData\Roaming\skypePM
2009-06-12 22:05 . 2009-01-01 23:01 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 21:44 . 2008-12-19 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 02:59 . 2009-02-18 01:06 -------- d-----w- c:\users\adriano\AppData\Roaming\BitTorrent
2009-06-11 02:21 . 2008-12-19 18:18 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 23:35 . 2008-12-26 02:10 -------- d-----w- c:\users\kelen\AppData\Roaming\Yahoo!
2009-06-08 17:57 . 2009-06-08 17:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-07 15:45 . 2009-01-15 22:18 -------- d-----w- c:\program files\DivX
2009-06-07 15:44 . 2009-04-15 02:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 15:30 . 2009-01-20 00:38 -------- d-----w- c:\programdata\Installations
2009-06-03 15:28 . 2009-01-20 00:39 -------- d-----w- c:\program files\Nokia
2009-06-03 15:27 . 2009-01-20 01:04 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-03 13:51 . 2008-12-26 00:32 -------- d-----w- c:\users\adriano\AppData\Roaming\Yahoo!
2009-06-02 19:40 . 2009-01-05 12:29 -------- d-----w- c:\users\flavia\AppData\Roaming\Yahoo!
2009-06-02 19:33 . 2008-12-29 21:41 101856 ----a-w- c:\users\flavia\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 02:09 . 2008-12-25 16:22 -------- d-----w- c:\program files\Yahoo!
2009-06-01 02:09 . 2008-12-26 00:32 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-15 02:02 . 2009-05-15 02:02 -------- d-----w- c:\program files\Unity
2009-05-14 23:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-11 00:37 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 00:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-09 02:09 . 2009-02-09 01:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-09 02:09 . 2009-02-09 01:07 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-09 02:09 . 2009-02-09 01:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-09 02:09 . 2009-02-09 01:07 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 21:51 . 2008-12-25 05:00 101856 ----a-w- c:\users\kelen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:42 . 2008-12-25 16:05 101856 ----a-w- c:\users\adriano\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-23 12:42 . 2009-06-11 00:37 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 00:37 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-19 18:02 . 2008-12-19 18:02 76 --sh--r- c:\windows\CT4CET.bin
2008-12-19 23:23 . 2008-12-19 23:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\users\adriano\Program Files\DNA\btdna.exe" [2009-02-18 321344]
"googletalk"="c:\users\adriano\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-05-26 24264488]
"Google Update"="c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-19 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-09 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-19 68592]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-19 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2008-11-04 396192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-19 18:22 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{773AF746-145C-423A-85C8-B1A150CFC25D}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{C5D7D5F4-FD3B-4409-B8F3-9C1DFB00FB9B}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B02EF930-1E57-470B-8B6D-5D041C2A39CF}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{BBF96C42-904B-4425-A878-C958193D4B46}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{380D0500-E170-40F5-AC1C-41838E03CBF5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77225A2B-F29C-4913-A5B6-D62FA33ABEC9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6C4AFC4D-902A-41D7-81CC-8CC971E158A5}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E5497C45-169F-445F-A5D8-D74C2E20D249}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F4A32F14-17BA-4FF4-9C48-1482F09043F6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7165BA5D-BB34-404F-9905-68558D47CE9F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DCAD8096-C4FA-48F6-9F45-9FF1AEFBC220}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{08141B50-F959-440B-B1A3-03ED78461004}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{F7701ABA-C77A-496F-8C28-5248A976876F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E6573D1F-D6EF-46C3-AE80-E1D409CC578D}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{C723B025-4B54-44CE-B893-5BC2F6AEE908}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{C0FE67A4-CE07-4D54-B399-B51E6112E4F2}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{E1077BC1-C6FA-47D7-AB19-66505CAF444B}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{540E61FE-500B-4526-A5A2-DB50BC1F9015}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"{0A250C5D-FAA2-42DC-98A8-E5A8FF20DBF7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{DA13687D-D0E8-4132-8CD0-B74D1DCE72F0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{95D206CB-EDCF-4B6A-8808-60C6B9F6083E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{39C769ED-4B55-41C1-8CD1-2B7F7576390A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{33CE1F2E-4DFA-4190-807F-C3713025FC03}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{D49A89B4-352E-44C1-A6AA-5797E106FE59}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A358433E-CDE9-42DF-BAC6-1C03B86F7873}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{91069196-3B8A-47F7-8943-5DF5800E846A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{6825808F-F97B-45B4-A0E6-2C442FA4BB1E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{46EA7947-894A-4FC1-B25A-1378574B7595}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{FE185843-306E-4DE6-B7A4-35901C1D9B5F}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{7A02F47D-3C65-48CA-8917-506760DCB014}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{CFC07E7C-577E-48F8-992A-9E902E3EC495}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{059A12F5-B36C-4DD8-BF3F-DFC4FD845A32}c:\\program files\\oneeko\\oneeko.exe"= UDP:c:\program files\oneeko\oneeko.exe:ONEEKO
"UDP Query User{92982878-84B4-441E-BAA3-044A9A8652F7}c:\\program files\\oneeko\\oneeko.exe"= TCP:c:\program files\oneeko\oneeko.exe:ONEEKO
"TCP Query User{B3A516B5-63E9-41D5-8493-BC9564DF299E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{ADECA9D6-A705-49F2-B646-CD166D01120C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19/06/2009 02:00 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [08/02/2009 22:07 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [08/02/2009 22:07 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [19/12/2008 12:45 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/02/2009 22:06 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/02/2009 22:06 298776]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/06/2009 01:59 348752]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [19/12/2008 20:39 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 16:03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [19/12/2008 20:39 7424]
S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [15/02/2009 19:41 136448]
S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/12/2008 15:14 30192]
S4 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 05:40 217088]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-06-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 04:35]

2009-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869144217-1070373754-383600519-1001.job
- c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 02:48]

2009-06-19 c:\windows\Tasks\Norton Security Scan for kelen.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 23:20]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://br.yahoo.com/?fr=fp-yie8
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\adriano\AppData\Roaming\Mozilla\Firefox\Profiles\fn6il6mb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://cade.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://br.yahoo.com/?fr=fp-yie8
FF - prefs.js: keyword.URL - hxxp://cade.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\adriano\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\adriano\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 13:03
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
c:\program files\Scpad\sshib.dll
.
Tempo para conclusão: 2009-06-20 13:05
ComboFix-quarantined-files.txt 2009-06-20 16:05

Pré-execução: 40.432.459.776 bytes disponíveis
Pós execução: 40.785.211.392 bytes disponíveis

292 --- E O F --- 2009-06-18 20:47
Tomk
post Jun 23 2009, 09:09 PM
Post #2


Forum God

Group: Classroom Teacher
Posts: 11,227
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Hi Caderudo,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


It is a really bad idea to use a fix for someone else's computer. Your infection is not the same as the one you were following. It is posted about 100 places around the forum not to run ComboFix unless you are specifically instructed to by a helper.

That being said, let's see what we can do now.

BitTorrent
You have BitTorrent, a P2P/file-sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm



I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Download Rooter.exe to your desktop

  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    c:\programdata\Google\Google Toolbar\Update\gtbE034.tmp.exe
    c:\program files\GbPlugin\gbiehuni.dll

    Registry::
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"=-

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Caderudo
post Jun 28 2009, 09:04 PM
Post #3


New Member

Group: Authentic Member
Posts: 6
Joined: 20-June 09
From: Brazil
Member No.: 86,345
Operating System: Windows Vista Home Premium



Dear Tomk,

First of all, thank you for your support. I did exactly as you requested.


Here follows the Rooter.exe log:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.10 (pt-BR)
.
C:\ [Fixed-NTFS] .. ( Total:136 Go - Free:38 Go )
D:\ [Fixed-NTFS] .. ( Total:9 Go - Free:4 Go )
E:\ [CD_Rom]
.
Scan : 23:42.42
Path : C:\Users\adriano\Desktop\Rooter.exe
User : adriano ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (456)
______ C:\Windows\system32\csrss.exe (524)
______ C:\Windows\system32\wininit.exe (568)
______ C:\Windows\system32\csrss.exe (576)
______ C:\Windows\system32\services.exe (612)
______ C:\Windows\system32\lsass.exe (628)
______ C:\Windows\system32\lsm.exe (636)
______ C:\Windows\system32\winlogon.exe (704)
______ C:\Windows\system32\svchost.exe (836)
______ C:\Windows\system32\svchost.exe (896)
______ C:\Windows\System32\svchost.exe (952)
______ C:\Windows\System32\svchost.exe (1024)
______ C:\Windows\System32\svchost.exe (1080)
______ C:\Windows\system32\svchost.exe (1104)
Locked audiodg.exe (1204)
______ C:\Windows\system32\svchost.exe (1232)
______ C:\Windows\system32\SLsvc.exe (1252)
______ C:\Windows\system32\svchost.exe (1296)
______ C:\Windows\system32\svchost.exe (1472)
______ C:\Windows\System32\WLTRYSVC.EXE (1616)
______ C:\Windows\system32\WLANExt.exe (1624)
______ C:\Windows\System32\bcmwltry.exe (1644)
______ C:\Windows\System32\spoolsv.exe (1768)
______ C:\Windows\system32\svchost.exe (1792)
______ C:\Windows\system32\aestsrv.exe (2044)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (332)
______ C:\Windows\system32\svchost.exe (376)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (468)
______ C:\Windows\system32\svchost.exe (564)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1140)
______ C:\Windows\system32\STacSV.exe (2072)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (2148)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (2160)
______ C:\Windows\system32\svchost.exe (2328)
______ C:\Windows\System32\svchost.exe (2360)
______ C:\Windows\system32\SearchIndexer.exe (2388)
______ C:\Windows\system32\DRIVERS\xaudio.exe (2464)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2496)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (2536)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (2720)
______ C:\Windows\system32\taskeng.exe (3044)
______ C:\Windows\system32\Dwm.exe (3360)
______ C:\Windows\system32\taskeng.exe (3372)
______ C:\Program Files\DellTPad\Apoint.exe (3680)
______ C:\Windows\OEM02Mon.exe (3696)
______ C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (3712)
______ C:\Windows\System32\hkcmd.exe (3796)
______ C:\Windows\System32\igfxpers.exe (3804)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3836)
______ C:\Windows\System32\WLTRAY.EXE (3848)
______ C:\Program Files\Dell\MediaDirect\PCMService.exe (3904)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (3912)
______ C:\Windows\system32\igfxsrvc.exe (3920)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3928)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3956)
______ C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (3972)
______ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (4028)
______ C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (2524)
______ C:\Program Files\DellTPad\ApMsgFwd.exe (1328)
______ C:\Windows\ehome\ehtray.exe (320)
______ C:\Program Files\DellTPad\HidFind.exe (3084)
______ C:\Program Files\DellTPad\Apntex.exe (1408)
______ C:\Users\adriano\Program Files\DNA\btdna.exe (2788)
______ C:\Users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe (3292)
______ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (3768)
______ C:\Program Files\Digital Line Detect\DLG.exe (1036)
______ C:\Program Files\Dell\QuickSet\quickset.exe (1088)
______ C:\Program Files\WinZip\WZQKPICK.EXE (980)
______ C:\Windows\ehome\ehmsas.exe (3900)
______ C:\Windows\system32\wbem\wmiprvse.exe (1044)
______ c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (672)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (5264)
______ C:\Program Files\Windows Media Player\wmpnetwk.exe (5384)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (4308)
______ ?? (2384)
______ C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (340)
______ C:\Windows\system32\conime.exe (3176)
______ C:\Windows\System32\svchost.exe (5228)
______ C:\Windows\Explorer.exe (4660)
______ C:\Windows\system32\SearchProtocolHost.exe (6032)
______ C:\Windows\system32\SearchFilterHost.exe (5960)
______ C:\Windows\system32\DllHost.exe (504)
______ C:\Windows\system32\DllHost.exe (928)
______ C:\Users\adriano\Desktop\Rooter.exe (4568)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:82220544)
\Device\Harddisk0\Partition2 (Start_Offset:82837504 | Length:10737418240)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10820255744 | Length:146535346176)
\Device\Harddisk0\Partition0 (Start_Offset:157355606016 | Length:2684354560)
\Device\Harddisk0\Partition4 (Start_Offset:157356654592 | Length:2683305984)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Google Software Updater.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869144217-1070373754-383600519-1001.job
C:\Windows\Tasks\Norton Security Scan for kelen.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\Users\adriano\Documents\softwares\garmin\City Navigator Brazil v4 NT[1]\City Navigator Brazil v4 NT\keygen.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 23:42.45
.
C:\Rooter$\Rooter_5.txt - (28/06/2009 | 23:42.45).c


---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

And now, the combofix log:

ComboFix 09-06-26.02 - adriano 28/06/2009 23:48.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1046.18.3573.2092 [GMT -3:00]
Executando de: c:\users\adriano\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\adriano\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\GbPlugin\gbiehuni.dll"
"c:\programdata\Google\Google Toolbar\Update\gtbE034.tmp.exe"
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-28 to 2009-06-29 ))))))))))))))))))))))))))))
.

2009-06-29 02:52 . 2009-06-29 02:52 -------- d-----w- c:\users\kelen\AppData\Local\temp
2009-06-29 02:52 . 2009-06-29 02:52 -------- d-----w- c:\users\flavia\AppData\Local\temp
2009-06-29 02:23 . 2009-06-29 02:42 -------- d-----w- C:\Rooter$
2009-06-22 01:39 . 2009-06-25 01:28 -------- d-----w- c:\users\adriano\AppData\Local\Adobe
2009-06-20 23:49 . 2009-06-20 23:49 -------- d-----w- C:\temp
2009-06-19 05:00 . 2008-12-11 11:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-19 05:00 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-19 05:00 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-19 04:59 . 2009-06-19 05:00 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-19 04:59 . 2008-12-10 14:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-19 04:59 . 2009-06-24 21:44 -------- d-----w- c:\program files\Spyware Doctor
2009-06-19 04:59 . 2009-06-19 04:59 -------- d-----w- c:\users\kelen\AppData\Roaming\PC Tools
2009-06-19 04:59 . 2009-06-19 04:59 -------- d-----w- c:\programdata\PC Tools
2009-06-19 04:36 . 2009-06-19 05:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-19 04:36 . 2009-06-19 05:17 -------- d-----w- c:\program files\Norton Security Scan
2009-06-19 04:35 . 2009-06-19 04:57 -------- d-----w- c:\programdata\Google Updater
2009-06-19 04:08 . 2009-06-19 04:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-19 04:08 . 2009-06-19 04:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-19 03:48 . 2009-06-19 03:48 -------- d-----w- c:\users\kelen\AppData\Roaming\Roxio
2009-06-12 22:03 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 22:03 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-12 03:47 . 2009-06-12 03:47 -------- d-----w- c:\program files\UndeleteMyFiles
2009-06-11 01:30 . 2009-06-11 01:30 -------- d-----w- c:\users\kelen\AppData\Local\Mozilla
2009-06-11 00:36 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-05 03:17 . 2009-06-05 03:17 -------- d-----w- c:\program files\MSECache
2009-06-03 15:26 . 2009-06-03 15:26 24390976 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe
2009-06-03 15:26 . 2009-06-03 15:26 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-03 15:26 . 2009-06-03 15:26 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-03 15:26 . 2009-06-03 15:26 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-02 19:34 . 2009-06-26 23:35 -------- d-----w- c:\users\flavia\Tracing
2009-06-01 02:09 . 2009-06-01 02:09 262144 ----a-w- C:\ntuser.dat
2009-06-01 02:09 . 2009-06-01 02:09 -------- d-----w- c:\programdata\Yahoo!
2009-06-01 01:55 . 2009-06-01 01:55 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-01 01:55 . 2009-06-01 01:58 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-05-30 05:41 . 2009-05-30 05:41 -------- d-----w- c:\users\adriano\AppData\Local\Mozilla

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 02:50 . 2009-02-18 01:05 -------- d-----w- c:\users\adriano\AppData\Roaming\DNA
2009-06-29 02:34 . 2009-01-15 17:50 -------- d-----w- c:\program files\GbPlugin
2009-06-29 00:05 . 2008-01-21 05:26 634222 ----a-w- c:\windows\system32\prfh0416.dat
2009-06-29 00:05 . 2008-01-21 05:26 121888 ----a-w- c:\windows\system32\prfc0416.dat
2009-06-28 20:23 . 2008-12-19 15:46 1660 ----a-w- c:\windows\bthservsdp.dat
2009-06-28 19:25 . 2009-01-24 20:48 -------- d-----w- c:\programdata\DVD Shrink
2009-06-25 18:51 . 2009-02-09 01:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 18:51 . 2009-02-09 01:07 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 18:51 . 2009-02-09 01:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 04:08 . 2009-02-03 01:30 -------- d-----w- c:\program files\Microsoft
2009-06-24 21:17 . 2009-01-20 00:39 -------- d-----w- c:\program files\Nokia
2009-06-22 06:48 . 2009-02-18 01:06 -------- d-----w- c:\users\adriano\AppData\Roaming\BitTorrent
2009-06-22 02:11 . 2008-12-26 00:38 -------- d-----w- c:\programdata\Roxio
2009-06-16 01:50 . 2008-12-26 00:01 -------- d-----w- c:\users\adriano\AppData\Roaming\Skype
2009-06-16 01:38 . 2008-12-26 00:02 -------- d-----w- c:\users\adriano\AppData\Roaming\skypePM
2009-06-12 22:05 . 2009-01-01 23:01 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 21:44 . 2008-12-19 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 02:21 . 2008-12-19 18:18 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 23:35 . 2008-12-26 02:10 -------- d-----w- c:\users\kelen\AppData\Roaming\Yahoo!
2009-06-08 17:57 . 2009-06-08 17:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-07 15:45 . 2009-01-15 22:18 -------- d-----w- c:\program files\DivX
2009-06-07 15:44 . 2009-04-15 02:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 15:30 . 2009-01-20 00:38 -------- d-----w- c:\programdata\Installations
2009-06-03 15:27 . 2009-01-20 01:04 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-03 13:51 . 2008-12-26 00:32 -------- d-----w- c:\users\adriano\AppData\Roaming\Yahoo!
2009-06-02 19:40 . 2009-01-05 12:29 -------- d-----w- c:\users\flavia\AppData\Roaming\Yahoo!
2009-06-02 19:33 . 2008-12-29 21:41 101856 ----a-w- c:\users\flavia\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 02:09 . 2008-12-25 16:22 -------- d-----w- c:\program files\Yahoo!
2009-06-01 02:09 . 2008-12-26 00:32 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-28 02:04 . 2009-05-28 02:04 -------- d-----w- c:\users\adriano\AppData\Roaming\Flickr
2009-05-28 02:03 . 2009-05-28 02:03 -------- d-----w- c:\program files\Flickr Uploadr
2009-05-21 18:54 . 2009-05-21 18:53 -------- d-----w- c:\programdata\WinZip
2009-05-15 02:02 . 2009-05-15 02:02 -------- d-----w- c:\program files\Unity
2009-05-14 23:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-11 00:37 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 00:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-09 02:09 . 2009-02-09 01:07 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 21:51 . 2008-12-25 05:00 101856 ----a-w- c:\users\kelen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:42 . 2008-12-25 16:05 101856 ----a-w- c:\users\adriano\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-23 12:42 . 2009-06-11 00:37 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 00:37 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-19 18:02 . 2008-12-19 18:02 76 --sh--r- c:\windows\CT4CET.bin
2008-12-19 23:23 . 2008-12-19 23:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-20_16.03.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-25 04:58 . 2009-06-23 22:43 62594 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-01-21 01:58 . 2009-06-29 00:01 61144 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-29 00:01 83522 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-25 05:03 . 2009-06-20 15:46 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-25 05:03 . 2009-06-29 02:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-25 05:03 . 2009-06-20 15:46 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-25 05:03 . 2009-06-29 02:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-25 05:03 . 2009-06-29 02:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-25 05:03 . 2009-06-20 15:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-28 05:10 . 2009-06-12 15:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-28 05:10 . 2009-06-22 03:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-28 05:10 . 2009-06-12 15:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-28 05:10 . 2009-06-22 03:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-28 05:10 . 2009-06-22 03:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-28 05:10 . 2009-06-12 15:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-28 03:15 . 2009-06-12 16:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-28 03:15 . 2009-06-26 17:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-28 03:15 . 2009-06-26 17:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-28 03:15 . 2009-06-12 16:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-28 03:15 . 2009-06-26 17:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-28 03:15 . 2009-06-12 16:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-06-03 15:35 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-06-25 01:42 51200 c:\windows\inf\infpub.dat
+ 2008-12-29 21:43 . 2009-06-26 16:56 4530 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2869144217-1070373754-383600519-1002_UserData.bin
+ 2008-12-26 00:31 . 2009-06-29 00:01 8030 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2869144217-1070373754-383600519-1001_UserData.bin
+ 2008-12-25 05:01 . 2009-06-28 15:24 6770 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2869144217-1070373754-383600519-1000_UserData.bin
+ 2009-03-19 16:48 . 2009-03-19 16:48 8320 c:\windows\System32\drivers\nmwcdnsuc.sys
+ 2009-06-28 23:59 . 2009-06-28 23:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-20 15:24 . 2009-06-20 15:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-20 15:24 . 2009-06-20 15:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-28 23:59 . 2009-06-28 23:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-23 21:11 . 2009-05-30 13:15 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22883_none_840ec88560132cdf\iecompat.dll
+ 2009-06-23 21:11 . 2009-06-02 03:27 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18793_none_837a5bce46fda906\iecompat.dll
+ 2006-11-02 10:33 . 2009-06-29 00:05 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-20 15:31 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-20 15:31 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-29 00:05 101250 c:\windows\System32\perfc009.dat
+ 2009-03-19 16:48 . 2009-03-19 16:48 136704 c:\windows\System32\drivers\nmwcdnsu.sys
+ 2009-04-19 03:27 . 2009-06-25 01:31 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-19 03:27 . 2009-06-11 03:11 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 10:25 . 2009-06-03 15:35 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-06-25 01:42 143360 c:\windows\inf\infstrng.dat
+ 2009-06-12 22:00 . 2009-06-23 21:10 5032120 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
- 2006-11-02 10:22 . 2009-06-12 22:14 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-06-24 11:36 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\users\adriano\Program Files\DNA\btdna.exe" [2009-02-18 321344]
"googletalk"="c:\users\adriano\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-05-26 24264488]
"Google Update"="c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-19 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-19 68592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-19 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-19 18:22 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{773AF746-145C-423A-85C8-B1A150CFC25D}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{C5D7D5F4-FD3B-4409-B8F3-9C1DFB00FB9B}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B02EF930-1E57-470B-8B6D-5D041C2A39CF}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{BBF96C42-904B-4425-A878-C958193D4B46}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{380D0500-E170-40F5-AC1C-41838E03CBF5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77225A2B-F29C-4913-A5B6-D62FA33ABEC9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6C4AFC4D-902A-41D7-81CC-8CC971E158A5}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E5497C45-169F-445F-A5D8-D74C2E20D249}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F4A32F14-17BA-4FF4-9C48-1482F09043F6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7165BA5D-BB34-404F-9905-68558D47CE9F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DCAD8096-C4FA-48F6-9F45-9FF1AEFBC220}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{08141B50-F959-440B-B1A3-03ED78461004}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{F7701ABA-C77A-496F-8C28-5248A976876F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E6573D1F-D6EF-46C3-AE80-E1D409CC578D}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{C723B025-4B54-44CE-B893-5BC2F6AEE908}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{C0FE67A4-CE07-4D54-B399-B51E6112E4F2}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{E1077BC1-C6FA-47D7-AB19-66505CAF444B}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{540E61FE-500B-4526-A5A2-DB50BC1F9015}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"{0A250C5D-FAA2-42DC-98A8-E5A8FF20DBF7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{DA13687D-D0E8-4132-8CD0-B74D1DCE72F0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{95D206CB-EDCF-4B6A-8808-60C6B9F6083E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{39C769ED-4B55-41C1-8CD1-2B7F7576390A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{33CE1F2E-4DFA-4190-807F-C3713025FC03}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{D49A89B4-352E-44C1-A6AA-5797E106FE59}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A358433E-CDE9-42DF-BAC6-1C03B86F7873}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{91069196-3B8A-47F7-8943-5DF5800E846A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{6825808F-F97B-45B4-A0E6-2C442FA4BB1E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{46EA7947-894A-4FC1-B25A-1378574B7595}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{FE185843-306E-4DE6-B7A4-35901C1D9B5F}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{7A02F47D-3C65-48CA-8917-506760DCB014}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{CFC07E7C-577E-48F8-992A-9E902E3EC495}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{059A12F5-B36C-4DD8-BF3F-DFC4FD845A32}c:\\program files\\oneeko\\oneeko.exe"= UDP:c:\program files\oneeko\oneeko.exe:ONEEKO
"UDP Query User{92982878-84B4-441E-BAA3-044A9A8652F7}c:\\program files\\oneeko\\oneeko.exe"= TCP:c:\program files\oneeko\oneeko.exe:ONEEKO
"TCP Query User{B3A516B5-63E9-41D5-8493-BC9564DF299E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{ADECA9D6-A705-49F2-B646-CD166D01120C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19/06/2009 02:00 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [08/02/2009 22:07 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [08/02/2009 22:07 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [19/12/2008 12:45 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/02/2009 22:06 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/02/2009 22:06 298776]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [19/12/2008 20:39 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 16:03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [19/12/2008 20:39 7424]
S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [15/02/2009 19:41 136448]
S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/12/2008 15:14 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 13:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 13:48 8320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/06/2009 01:59 348752]
S4 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 05:40 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-06-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 04:35]

2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869144217-1070373754-383600519-1001.job
- c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 02:48]

2009-06-26 c:\windows\Tasks\Norton Security Scan for kelen.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 23:20]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://br.yahoo.com/?fr=fp-yie8
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\adriano\AppData\Roaming\Mozilla\Firefox\Profiles\fn6il6mb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://cade.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://br.yahoo.com/?fr=fp-yie8
FF - prefs.js: keyword.URL - hxxp://cade.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\adriano\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\adriano\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 23:52
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(628)
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
c:\program files\Scpad\sshib.dll

- - - - - - - > 'Explorer.exe'(3212)
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
c:\program files\Scpad\sshib.dll
c:\program files\Scpad\scpsssh2.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btrez.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por-br.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
Tempo para conclusão: 2009-06-29 23:54
ComboFix-quarantined-files.txt 2009-06-29 02:54
ComboFix2.txt 2009-06-29 02:36

Pré-execução: 41.587.822.592 bytes disponíveis
Pós execução: 41.556.348.928 bytes disponíveis

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
360 --- E O F --- 2009-06-25 18:51

Tomk
post Jun 28 2009, 10:00 PM
Post #4


Forum God

Group: Classroom Teacher
Posts: 11,227
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Caderudo,

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    CODE
    File::
    C:\Users\adriano\Documents\softwares\garmin\City Navigator Brazil v4 NT[1]\City Navigator Brazil v4 NT\keygen.exe

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.



Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Caderudo
post Jul 1 2009, 08:30 PM
Post #5


New Member

Group: Authentic Member
Posts: 6
Joined: 20-June 09
From: Brazil
Member No.: 86,345
Operating System: Windows Vista Home Premium



Dear Tomk,

The ComboFix log follows:

ComboFix 09-06-26.02 - adriano 01/07/2009 23:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1046.18.3573.2232 [GMT -3:00]
Executando de: c:\users\adriano\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\adriano\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-02 to 2009-07-02 ))))))))))))))))))))))))))))
.

2009-07-02 02:16 . 2009-07-02 02:16 -------- d-----w- c:\users\kelen\AppData\Local\temp
2009-07-02 02:16 . 2009-07-02 02:16 -------- d-----w- c:\users\flavia\AppData\Local\temp
2009-06-29 02:23 . 2009-06-29 02:42 -------- d-----w- C:\Rooter$
2009-06-22 01:39 . 2009-06-25 01:28 -------- d-----w- c:\users\adriano\AppData\Local\Adobe
2009-06-20 23:49 . 2009-06-20 23:49 -------- d-----w- C:\temp
2009-06-19 05:00 . 2008-12-11 11:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-19 05:00 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-19 05:00 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-19 04:59 . 2009-06-19 05:00 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-19 04:59 . 2008-12-10 14:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-19 04:59 . 2009-07-01 17:03 -------- d-----w- c:\program files\Spyware Doctor
2009-06-19 04:59 . 2009-06-19 04:59 -------- d-----w- c:\users\kelen\AppData\Roaming\PC Tools
2009-06-19 04:59 . 2009-06-19 04:59 -------- d-----w- c:\programdata\PC Tools
2009-06-19 04:36 . 2009-06-19 05:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-19 04:36 . 2009-06-19 05:17 -------- d-----w- c:\program files\Norton Security Scan
2009-06-19 04:35 . 2009-06-19 04:57 -------- d-----w- c:\programdata\Google Updater
2009-06-19 04:08 . 2009-06-19 04:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-19 04:08 . 2009-06-19 04:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-19 03:48 . 2009-06-19 03:48 -------- d-----w- c:\users\kelen\AppData\Roaming\Roxio
2009-06-12 22:03 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 22:03 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-12 03:47 . 2009-06-12 03:47 -------- d-----w- c:\program files\UndeleteMyFiles
2009-06-11 01:30 . 2009-06-11 01:30 -------- d-----w- c:\users\kelen\AppData\Local\Mozilla
2009-06-11 00:36 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-05 03:17 . 2009-06-05 03:17 -------- d-----w- c:\program files\MSECache
2009-06-03 15:26 . 2009-06-03 15:26 24390976 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe
2009-06-03 15:26 . 2009-06-03 15:26 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-03 15:26 . 2009-06-03 15:26 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-03 15:26 . 2009-06-03 15:26 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-02 19:34 . 2009-07-01 16:46 -------- d-----w- c:\users\flavia\Tracing

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 02:15 . 2009-02-18 01:05 -------- d-----w- c:\users\adriano\AppData\Roaming\DNA
2009-07-02 02:01 . 2008-01-21 05:26 634222 ----a-w- c:\windows\system32\prfh0416.dat
2009-07-02 02:01 . 2008-01-21 05:26 121888 ----a-w- c:\windows\system32\prfc0416.dat
2009-07-02 01:16 . 2008-12-19 15:46 1660 ----a-w- c:\windows\bthservsdp.dat
2009-06-29 02:34 . 2009-01-15 17:50 -------- d-----w- c:\program files\GbPlugin
2009-06-28 19:25 . 2009-01-24 20:48 -------- d-----w- c:\programdata\DVD Shrink
2009-06-25 18:51 . 2009-02-09 01:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 18:51 . 2009-02-09 01:07 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 18:51 . 2009-02-09 01:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 04:08 . 2009-02-03 01:30 -------- d-----w- c:\program files\Microsoft
2009-06-24 21:17 . 2009-01-20 00:39 -------- d-----w- c:\program files\Nokia
2009-06-22 06:48 . 2009-02-18 01:06 -------- d-----w- c:\users\adriano\AppData\Roaming\BitTorrent
2009-06-22 02:11 . 2008-12-26 00:38 -------- d-----w- c:\programdata\Roxio
2009-06-16 01:50 . 2008-12-26 00:01 -------- d-----w- c:\users\adriano\AppData\Roaming\Skype
2009-06-16 01:38 . 2008-12-26 00:02 -------- d-----w- c:\users\adriano\AppData\Roaming\skypePM
2009-06-12 22:05 . 2009-01-01 23:01 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 21:44 . 2008-12-19 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 02:21 . 2008-12-19 18:18 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 23:35 . 2008-12-26 02:10 -------- d-----w- c:\users\kelen\AppData\Roaming\Yahoo!
2009-06-08 17:57 . 2009-06-08 17:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-07 15:45 . 2009-01-15 22:18 -------- d-----w- c:\program files\DivX
2009-06-07 15:44 . 2009-04-15 02:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 15:30 . 2009-01-20 00:38 -------- d-----w- c:\programdata\Installations
2009-06-03 15:27 . 2009-01-20 01:04 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-03 13:51 . 2008-12-26 00:32 -------- d-----w- c:\users\adriano\AppData\Roaming\Yahoo!
2009-06-02 19:40 . 2009-01-05 12:29 -------- d-----w- c:\users\flavia\AppData\Roaming\Yahoo!
2009-06-02 19:33 . 2008-12-29 21:41 101856 ----a-w- c:\users\flavia\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 02:09 . 2009-06-01 02:09 262144 ----a-w- C:\ntuser.dat
2009-06-01 02:09 . 2008-12-25 16:22 -------- d-----w- c:\program files\Yahoo!
2009-06-01 02:09 . 2009-06-01 02:09 -------- d-----w- c:\programdata\Yahoo!
2009-06-01 02:09 . 2008-12-26 00:32 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-01 01:58 . 2009-06-01 01:55 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-06-01 01:55 . 2009-06-01 01:55 -------- d-----w- c:\program files\Common Files\Scanner
2009-05-28 02:04 . 2009-05-28 02:04 -------- d-----w- c:\users\adriano\AppData\Roaming\Flickr
2009-05-28 02:03 . 2009-05-28 02:03 -------- d-----w- c:\program files\Flickr Uploadr
2009-05-21 18:54 . 2009-05-21 18:53 -------- d-----w- c:\programdata\WinZip
2009-05-15 02:02 . 2009-05-15 02:02 -------- d-----w- c:\program files\Unity
2009-05-14 23:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-11 00:37 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 00:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-09 02:09 . 2009-02-09 01:07 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 21:51 . 2008-12-25 05:00 101856 ----a-w- c:\users\kelen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:42 . 2008-12-25 16:05 101856 ----a-w- c:\users\adriano\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-23 12:42 . 2009-06-11 00:37 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 00:37 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-19 18:02 . 2008-12-19 18:02 76 --sh--r- c:\windows\CT4CET.bin
2008-12-19 23:23 . 2008-12-19 23:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\users\adriano\Program Files\DNA\btdna.exe" [2009-02-18 321344]
"googletalk"="c:\users\adriano\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-05-26 24264488]
"Google Update"="c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-19 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-19 68592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-19 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-19 18:22 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{773AF746-145C-423A-85C8-B1A150CFC25D}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{C5D7D5F4-FD3B-4409-B8F3-9C1DFB00FB9B}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B02EF930-1E57-470B-8B6D-5D041C2A39CF}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{BBF96C42-904B-4425-A878-C958193D4B46}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{380D0500-E170-40F5-AC1C-41838E03CBF5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77225A2B-F29C-4913-A5B6-D62FA33ABEC9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6C4AFC4D-902A-41D7-81CC-8CC971E158A5}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E5497C45-169F-445F-A5D8-D74C2E20D249}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F4A32F14-17BA-4FF4-9C48-1482F09043F6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7165BA5D-BB34-404F-9905-68558D47CE9F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DCAD8096-C4FA-48F6-9F45-9FF1AEFBC220}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{08141B50-F959-440B-B1A3-03ED78461004}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{F7701ABA-C77A-496F-8C28-5248A976876F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E6573D1F-D6EF-46C3-AE80-E1D409CC578D}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{C723B025-4B54-44CE-B893-5BC2F6AEE908}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{C0FE67A4-CE07-4D54-B399-B51E6112E4F2}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{E1077BC1-C6FA-47D7-AB19-66505CAF444B}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{540E61FE-500B-4526-A5A2-DB50BC1F9015}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"{0A250C5D-FAA2-42DC-98A8-E5A8FF20DBF7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{DA13687D-D0E8-4132-8CD0-B74D1DCE72F0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{95D206CB-EDCF-4B6A-8808-60C6B9F6083E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{39C769ED-4B55-41C1-8CD1-2B7F7576390A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{33CE1F2E-4DFA-4190-807F-C3713025FC03}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{D49A89B4-352E-44C1-A6AA-5797E106FE59}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A358433E-CDE9-42DF-BAC6-1C03B86F7873}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{91069196-3B8A-47F7-8943-5DF5800E846A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{6825808F-F97B-45B4-A0E6-2C442FA4BB1E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{46EA7947-894A-4FC1-B25A-1378574B7595}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{FE185843-306E-4DE6-B7A4-35901C1D9B5F}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{7A02F47D-3C65-48CA-8917-506760DCB014}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{CFC07E7C-577E-48F8-992A-9E902E3EC495}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{059A12F5-B36C-4DD8-BF3F-DFC4FD845A32}c:\\program files\\oneeko\\oneeko.exe"= UDP:c:\program files\oneeko\oneeko.exe:ONEEKO
"UDP Query User{92982878-84B4-441E-BAA3-044A9A8652F7}c:\\program files\\oneeko\\oneeko.exe"= TCP:c:\program files\oneeko\oneeko.exe:ONEEKO
"TCP Query User{B3A516B5-63E9-41D5-8493-BC9564DF299E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{ADECA9D6-A705-49F2-B646-CD166D01120C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19/06/2009 02:00 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [08/02/2009 22:07 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [08/02/2009 22:07 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [19/12/2008 12:45 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [08/02/2009 22:06 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/02/2009 22:06 298776]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [19/12/2008 20:39 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 16:03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [19/12/2008 20:39 7424]
S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [15/02/2009 19:41 136448]
S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/12/2008 15:14 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 13:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 13:48 8320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/06/2009 01:59 348752]
S4 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 05:40 217088]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 04:35]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869144217-1070373754-383600519-1001Core.job
- c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 02:48]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869144217-1070373754-383600519-1001UA.job
- c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 02:48]

2009-06-26 c:\windows\Tasks\Norton Security Scan for kelen.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 23:20]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://br.yahoo.com/?fr=fp-yie8
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\adriano\AppData\Roaming\Mozilla\Firefox\Profiles\fn6il6mb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://cade.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://br.yahoo.com/?fr=fp-yie8
FF - prefs.js: keyword.URL - hxxp://cade.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\adriano\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 23:16
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(624)
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
c:\program files\Scpad\sshib.dll

- - - - - - - > 'Explorer.exe'(256)
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
c:\program files\Scpad\sshib.dll
.
Tempo para conclusão: 2009-07-02 23:18
ComboFix-quarantined-files.txt 2009-07-02 02:18
ComboFix2.txt 2009-06-29 02:54
ComboFix3.txt 2009-06-29 02:36

Pré-execução: 40.201.363.456 bytes disponíveis
Pós execução: 40.187.510.784 bytes disponíveis

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
301 --- E O F --- 2009-06-29 21:17



(I'm downloading Kaspersky at this moment...)
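An added example, not part of this thread and not code from ComboFix: a small Python parser for the "Pontos de Carregamento do Registro" (registry load points) section of the ComboFix log posted above. It lists every `"name"=value` entry under its registry key, strips the trailing `[date size]` that ComboFix appends, and flags entries whose command line points into a location an ordinary user can write to, which is where a banker trojan would typically park its persistence. The sample lines are copied from the log above; the writable-path markers are my own heuristic. A flag is a prompt to review, not a verdict: in this log the flagged entries (BitTorrent DNA, Google Talk, Google Update) are all legitimate per-user installs.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the shape of the ComboFix "registry load points"
# section; the entries are copied from the log posted above.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\users\adriano\Program Files\DNA\btdna.exe" [2009-02-18 321344]
"googletalk"="c:\users\adriano\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Google Update"="c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll
"""

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
# ComboFix appends "[YYYY-MM-DD size]" when the value resolves to an existing file.
META_RE = re.compile(r'\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')

# Heuristic (my choice, not ComboFix's): path fragments that mean "user-writable".
USER_WRITABLE_MARKERS = ("c:\\users\\", "\\appdata\\", "\\temp\\", "c:\\programdata\\")


class LoadPoint(NamedTuple):
    key: str                  # registry key the entry lives under
    name: str                 # value name, e.g. "Google Update"
    value: str                # command line / path without the trailing [date size]
    file_date: Optional[str]  # date ComboFix reported for the file, if any
    file_size: Optional[int]  # size ComboFix reported for the file, if any


def parse_load_points(text: str) -> List[LoadPoint]:
    """Return one LoadPoint per "name"=value line, tagged with its enclosing key."""
    entries: List[LoadPoint] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry_match = ENTRY_RE.match(line)
        if not entry_match or current_key is None:
            continue
        rest = entry_match.group("rest").strip()
        file_date: Optional[str] = None
        file_size: Optional[int] = None
        meta = META_RE.search(rest)
        if meta:
            file_date = meta.group("date")
            file_size = int(meta.group("size"))
            rest = rest[:meta.start()]
        value = rest.strip().strip('"')
        entries.append(LoadPoint(current_key, entry_match.group("name"), value, file_date, file_size))
    return entries


def is_user_writable(path: str) -> bool:
    """True if the command line points into a profile, AppData or temp directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def triage(entries: List[LoadPoint]) -> List[LoadPoint]:
    """Entries worth a second look: anything started from a user-writable path."""
    return [e for e in entries if is_user_writable(e.value)]


if __name__ == "__main__":
    for e in triage(parse_load_points(SAMPLE_LOG)):
        print(f"REVIEW {e.name!r:20} {e.value}  ({e.file_date}, {e.file_size} bytes)")
```

The same parser works on the `[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]` block, since those lines have the same `"name"=value` shape; only the writable-path heuristic would need adjusting for that section.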
Tomk
post Jul 1 2009, 08:39 PM
Post #6


Forum God

Group: Classroom Teacher
Posts: 11,227
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



thumbup.gif
Caderudo
post Jul 1 2009, 11:31 PM
Post #7


New Member

Group: Authentic Member
Posts: 6
Joined: 20-June 09
From: Brazil
Member No.: 86,345
Operating System: Windows Vista Home Premium



and now the Kaspersky scan report...


KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 2, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 02, 2009 02:25:15
Records in database: 2413044


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 138936
Threat name 1
Infected objects 10
Suspicious objects 0
Duration of the scan 02:09:18

File name Threat name Threats count
C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01DA4QT1\fc[1].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01DA4QT1\fc[2].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\01DA4QT1\launch[1].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\249WP3V0\fc[1].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\249WP3V0\fc[2].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J06RZ4X7\launch[1].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UL0T9BVL\launch[2].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WPLCJ0E1\fc[1].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WPLCJ0E1\fc[2].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

C:\Users\kelen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WPLCJ0E1\launch[1].htm Infected: Trojan-Clicker.HTML.IFrame.ail 1

The selected area was scanned.


But when I execute CA Anti-Spy (from the Yahoo toolbar), the "Bancos IPA trojan" is still found.

Tks!

Caderudo
Tomk
post Jul 1 2009, 11:47 PM
Post #8


Caderudo,

Does CA say what file it is finding related to the infection?

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
Caderudo
post Jul 2 2009, 11:10 PM
Post #9


Hi, I did as you told (the software is in Portuguese), but it finds no problems... But CA Anti-Spy still finds "Bancos IPA".

Regards,

Adriano

Malwarebytes' Anti-Malware 1.38
Versão do banco de dados: 2366
Windows 6.0.6001 Service Pack 1

03/07/2009 02:06:57
mbam-log-2009-07-03 (02-06-57).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 258551
Tempo decorrido: 1 hour(s), 23 minute(s), 2 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

Tomk
post Jul 2 2009, 11:15 PM
Post #10


Caderudo,

Does CA say what file it is finding related to the infection?
Caderudo
post Jul 3 2009, 07:10 PM
Post #11


When I click on Details in the report list, I get:

Type: key
hkey_current_user\software\microsoft\windows\currentversion\ext\stat\{c41a1c0e-ea6c-11d4-b1b8-444553540008}
Tomk
post Jul 5 2009, 08:06 PM
Post #12


Caderudo,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :reg
    hkey_current_user\software\microsoft\windows\currentversion\ext\stat /sub

    :file
    %System%\Msvbvm60.dll
    %System%\Winmaxy.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
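As an added example (not part of this thread, and not code from SystemLook, CA Anti-Spy or any other tool mentioned in it), the following PowerShell script approaches Tomk's question from the defender's side: it lists every CLSID under the current user's Ext\Stats key, resolves each to the COM server DLL registered for it, and marks entries whose registration or file no longer exists, which is what a scanner typically reports as a leftover key. It assumes the key CA Anti-Spy prints as "ext\stat" is the standard Ext\Stats key, and it only reads the registry; nothing is deleted.

```powershell
# Added example, not from the thread. Read-only: it enumerates the per-user
# Ext\Stats key (the thread's CA Anti-Spy detail spells it "ext\stat") and
# resolves each CLSID subkey to its registered InprocServer32 DLL.
$ExtStats = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats'
# The CLSID quoted in the thread, used here only to tag the matching row.
$Flagged  = '{c41a1c0e-ea6c-11d4-b1b8-444553540008}'

function Resolve-ClsidServer {
    param([string]$Clsid)
    # Per-user registrations take precedence over machine-wide ones.
    foreach ($root in 'HKCU:\Software\Classes\CLSID', 'HKLM:\Software\Classes\CLSID') {
        $srv = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $srv) {
            $path = (Get-ItemProperty -Path $srv).'(default)'
            $name = (Get-ItemProperty -Path (Join-Path $root $Clsid)).'(default)'
            $exists = $false
            if ($path) {
                $exists = Test-Path ([Environment]::ExpandEnvironmentVariables($path.Trim('"')))
            }
            return [pscustomobject]@{
                Clsid = $Clsid; Name = $name; Server = $path; ServerExists = $exists
            }
        }
    }
    # No CLSID registration anywhere: the Stats entry is orphaned.
    [pscustomobject]@{ Clsid = $Clsid; Name = $null; Server = $null; ServerExists = $false }
}

if (-not (Test-Path $ExtStats)) {
    Write-Host "No Ext\Stats key found under HKCU for this user."
    return
}

Get-ChildItem -Path $ExtStats | ForEach-Object {
    $info = Resolve-ClsidServer -Clsid $_.PSChildName
    $tag  = if ($_.PSChildName -ieq $Flagged) { '<-- flagged by CA Anti-Spy' } else { '' }
    $info | Add-Member -NotePropertyName Note -NotePropertyValue $tag -PassThru
} | Format-Table Clsid, Name, Server, ServerExists, Note -AutoSize
```

A row with an empty Server column or ServerExists = False is a registration that points at nothing; that is the kind of entry a scanner keeps reporting after the file itself is gone, and it is the name and path in that row that a helper would ask for before advising removal.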
Tomk
post Jul 12 2009, 11:35 PM
Post #13


Due to inactivity this topic will be closed.
If you need help, please start a new thread and post a new HJT log.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy