
Infected PC-cant go on msn, net is way more slow and windows keep poping up


  • This topic is locked
13 replies to this topic

#1 fpnc

fpnc

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:16 AM

Posted 05 April 2009 - 10:55 AM

Hello friends

On day 2 of this month my PC got attacked with some kind of virus... I can't go on MSN because it starts sending those links to all of my contacts and is always freezing my screen, the net got slower and I keep getting windows popping up. I used Spybot, then McAfee, and all seemed all right. The next day when I turned my PC on it all came back the same, except that sometimes those windows keep popping up, but most of the time I get an error message saying IE found a problem and will be closed.

McAfee found these files:

asapagov.tmp
ohotureh.in
ohutureh_tmp

In the description it also said it was a Vundo trojan and stuff... but I'm not sure, I don't remember quite well now, eheh, sorry.

It was quarantined, then I deleted them, but it all stays the same.
I also found a strange file when I go to the "manager jobs"... it's called fxsteller.exe. I searched and found that it was a threat, but every time I close it nothing changes... then I restart the PC and there it is again :)

Hope you guys can help me :thumbup2:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:43, on 05-04-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\fxsteller.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {c25d9cb2-0225-4173-848e-1cf5cdfd610f} - C:\Windows\system32\mejetiwa.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe
O4 - HKLM\..\Run: [dofipujeta] Rundll32.exe "C:\Windows\system32\yuwevelo.dll",s
O4 - HKLM\..\Run: [CPM37d347cc] Rundll32.exe "c:\windows\system32\lujorosu.dll",a
O4 - HKLM\..\Run: [34e07450] rundll32.exe "C:\Windows\system32\herutoho.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...572/mcfscan.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\Windows\system32\duzedune.dll c:\windows\system32\bihawonu.dll c:\windows\system32\lujorosu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lujorosu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lujorosu.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8432 bytes

Edited by fpnc, 05 April 2009 - 10:56 AM.
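The HijackThis log in this post carries several markers of the Vundo-family infection the poster's McAfee scan already named: hosts-file entries that point security-vendor lookalike domains at one external address, Run values that launch rundll32 on randomly named system32 DLLs through one-letter exports, a bare fxsteller.exe autorun with no path, a populated AppInit_DLLs value, and one CLSID registered as both an SSODL and a SharedTaskScheduler hook. The Python below is an added example, not code from this thread or from the HijackThis project: it parses lines in the HijackThis format and flags those markers with simple heuristics so a helper can see at a glance which entries deserve attention. The sample lines are constructed (a subset of the log above plus two benign control entries), and the function and type names (triage, first_token, Finding) are my own.

```python
"""Heuristic triage of HijackThis-format log lines (added example).

Flags the patterns visible in the log above: non-loopback hosts entries,
unnamed BHOs, rundll32 autoruns with one-letter exports, bare-filename
autoruns, a populated AppInit_DLLs value, and a CLSID registered as both
SSODL and SharedTaskScheduler.  Every hit still needs a human decision.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

LOOPBACK = {"127.0.0.1", "::1"}
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
RUN_RE = re.compile(r"^(HK[^:]*?)\\\.\.\\Run: \[(.*?)\] (.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\w+)', re.IGNORECASE)
CLSID_DLL_RE = re.compile(r"\{([0-9A-Fa-f-]+)\} - (.*)$")

# Constructed sample in HijackThis format, modelled on the log posted above
# (a subset of its lines, plus two benign entries that must NOT be flagged).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O2 - BHO: Java(TM) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {c25d9cb2-0225-4173-848e-1cf5cdfd610f} - C:\Windows\system32\mejetiwa.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe
O4 - HKLM\..\Run: [dofipujeta] Rundll32.exe "C:\Windows\system32\yuwevelo.dll",s
O4 - HKLM\..\Run: [34e07450] rundll32.exe "C:\Windows\system32\herutoho.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\Windows\system32\duzedune.dll c:\windows\system32\bihawonu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lujorosu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lujorosu.dll
"""


def first_token(command):
    """Return the executable part of a Run value: quoted path or first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(log_text):
    """Scan HijackThis-format lines and return a list of Finding tuples."""
    findings = []
    shell_hooks = {}  # clsid -> {section: (dll, raw line)}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "O1":
            h = HOSTS_RE.match(rest)
            if h and h.group(1) not in LOOPBACK:
                findings.append(Finding(section,
                    f"hosts file sends {h.group(2)} to {h.group(1)}", raw))
        elif section == "O2":
            b = BHO_RE.match(rest)
            if b and b.group(1) == "(no name)" and b.group(3).lower().endswith(".dll"):
                findings.append(Finding(section, f"unnamed BHO loads {b.group(3)}", raw))
        elif section == "O4":
            r = RUN_RE.match(rest)
            if not r:
                continue
            name, command = r.group(2), r.group(3)
            d = RUNDLL_RE.search(command)
            if d:
                # Legitimate rundll32 autoruns name a descriptive export;
                # the one-letter exports in the log above are the tell.
                if len(d.group(2)) == 1:
                    findings.append(Finding(section,
                        f"rundll32 loads {d.group(1)} via one-letter export '{d.group(2)}'", raw))
            else:
                tok = first_token(command)
                if tok and "\\" not in tok and "/" not in tok:
                    findings.append(Finding(section,
                        f"autorun '{name}' is a bare filename ({tok}) resolved by PATH search", raw))
        elif section == "O20":
            dlls = [x for x in re.split(r"[\s,]+", rest.partition(":")[2].strip()) if x]
            if dlls:
                findings.append(Finding(section,
                    f"AppInit_DLLs injects {len(dlls)} DLL(s) into every user-mode process", raw))
        elif section in ("O21", "O22"):
            c = CLSID_DLL_RE.search(rest)
            if c:
                shell_hooks.setdefault(c.group(1).lower(), {})[section] = (c.group(2), raw)
    # Correlate across lines: one CLSID hooked in both shell load points.
    for clsid, hooks in shell_hooks.items():
        if "O21" in hooks and "O22" in hooks:
            dll, raw = hooks["O22"]
            findings.append(Finding("O21/O22",
                f"CLSID {{{clsid}}} registered as both SSODL and SharedTaskScheduler ({dll})", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line.strip()}")
```

Run against the sample it reports eight findings and stays silent on the loopback hosts line, the named Java BHO, the Windows Defender autorun and the WindowsWelcomeCenter rundll32 entry. The O21/O22 check is deliberately done after the loop rather than per line, because the two hooks can appear in either order and the signal is the correlation, not either entry alone.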



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:16 AM

Posted 14 April 2009 - 11:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 fpnc

fpnc
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:16 AM

Posted 15 April 2009 - 11:46 AM

Hello and thanks for answering ;)

Well, the only thing I did (or rather that I didn't do, because I just gave up :step4: ) was to turn off the PC, connect the modem to my laptop and work from there, because the pop-ups and IE window errors were so annoying, plus I couldn't go on MSN because, like I said, it froze and sent those links saying "hey look at this pic bla bla bla"...

Anyway... since I started working with the laptop I only used this PC to get some things done that I couldn't do on the laptop... I noticed one more thing: every time I turned the PC on a blue screen appeared and the PC restarted... then when I got into Windows a message saying "Windows had a fatal problem" or something like that appeared... and even without net those IE error messages kept popping up.

Today I saw your answer and connected to the net again... the windows still kept popping up but strangely I could talk on MSN again... it doesn't send links anymore... I had to go out and I left the PC on doing nothing; when I arrived home there was not even one IE error window, so I restarted to see if the blue screen appeared, and nothing... when I got into Windows I waited a bit and no more IE errors or pop-ups!!!

No idea what could have happened... I think this computer is crazy :)

Anyway, I'm leaving the DDS logs so I can have your opinion, because I don't believe in miracles lol :step1:

Many thanks
Keep up the splendid work :thumbup2:

PS: I zipped the attached file, tried to upload it and it said it didn't accept this file... so I had to attach it non-zipped... sorry



DDS (Ver_09-03-16.01) - NTFSx86
Run by Paulo Machado at 17:25:39,50 on 15-04-2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3582.2593 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Paulo Machado\Desktop\Inês\joao\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ww.google.pt/
uInternet Settings,ProxyOverride = *.local
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {c25d9cb2-0225-4173-848e-1cf5cdfd610f} - c:\windows\system32\vegozadi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [34e07450] rundll32.exe "c:\windows\system32\dorugeba.dll",b
mRun: [CPM37d347cc] Rundll32.exe "c:\windows\system32\mopidozu.dll",a
mRun: [dofipujeta] Rundll32.exe "c:\windows\system32\wonutego.dll",s
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5572/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\windows\system32\bihawonu.dll c:\windows\system32\lujorosu.dll c:\windows\system32\mopidozu.dll,c:\windows\system32\nusoyeta.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mopidozu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\mopidozu.dll
LSA: Notification Packages = scecli c:\windows\system32\nusoyeta.dll

============= SERVICES / DRIVERS ===============

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-28 203280]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1E60x86.sys [2008-9-23 48128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-12-23 250880]

=============== Created Last 30 ================

2009-04-15 13:12 1,565,897 ---sh--- c:\windows\system32\abegurod.ini
2009-04-14 22:29 <DIR> --d----- c:\programdata\DVD Shrink
2009-04-14 22:29 <DIR> --d----- c:\program files\DVD Shrink
2009-04-14 12:29 121 ---sh--- c:\windows\system32\aduripaf.ini
2009-04-09 22:31 108,032 a------- C:\paret2.exe
2009-04-07 22:16 155 a------- c:\windows\system32\SelfDel.bat
2009-04-06 13:31 <DIR> --d----- c:\users\paulom~1\appdata\roaming\DAEMON Tools Pro
2009-04-06 00:55 116,848,982 a------- c:\windows\MEMORY.DMP
2009-04-05 22:47 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-04-05 22:47 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-04-05 22:46 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-04-05 22:45 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-04-05 22:45 <DIR> --d----- c:\users\paulom~1\appdata\roaming\DAEMON Tools Lite
2009-04-04 12:28 <DIR> --d----- c:\program files\Trend Micro
2009-04-03 16:47 <DIR> --d----- c:\windows\McAfee.com
2009-04-03 16:05 <DIR> --d----- c:\windows\PCHEALTH
2009-04-03 13:43 <DIR> --d----- c:\program files\Safer Networking
2009-04-03 13:40 326 a------- c:\windows\wininit.ini
2009-04-03 13:05 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-04-03 13:05 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-04-03 12:57 <DIR> --d----- c:\users\paulom~1\appdata\roaming\Uniblue
2009-04-03 12:56 <DIR> -cd-h--- c:\programdata\~0
2009-04-03 12:56 <DIR> -cd-h--- c:\progra~2\~0
2009-04-02 22:09 <DIR> --d----- c:\users\paulo machado\Tracing
2009-04-02 22:08 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-02 22:05 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-01 19:43 87,608 a------- c:\users\paulom~1\appdata\roaming\inst.exe
2009-04-01 19:43 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-04-01 19:43 47,360 a------- c:\users\paulom~1\appdata\roaming\pcouffin.sys
2009-04-01 19:43 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-04-01 19:43 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-04-01 19:43 217,127 a------- c:\windows\system32\drv43260.dll
2009-04-01 19:43 208,935 a------- c:\windows\system32\drv33260.dll
2009-04-01 19:43 176,165 a------- c:\windows\system32\drv23260.dll
2009-04-01 19:43 102,439 a------- c:\windows\system32\sipr3260.dll
2009-04-01 19:43 65,602 a------- c:\windows\system32\cook3260.dll
2009-04-01 19:43 <DIR> --d----- c:\program files\VSO
2009-03-22 18:26 94,000 a------- c:\windows\system32\drivers\ssm_mdm.sys
2009-03-22 18:26 8,336 a------- c:\windows\system32\drivers\ssm_mdfl.sys
2009-03-22 18:26 6,176 a------- c:\windows\system32\drivers\ssm_cmnt.sys
2009-03-22 18:26 6,176 a------- c:\windows\system32\drivers\ssm_cm.sys
2009-03-22 18:24 766 a------- c:\windows\system32\Uninstall.ico
2009-03-22 18:24 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers

==================== Find3M ====================

2009-04-15 14:11 654,934 a------- c:\windows\system32\prfh0816.dat
2009-04-15 14:11 132,082 a------- c:\windows\system32\prfc0816.dat
2009-04-15 13:13 49,152 a--sh--- c:\windows\system32\yidopamo.dll
2009-04-15 13:12 87,552 a--sh--- c:\windows\system32\mopidozu.dll
2009-04-15 13:12 79,872 a--sh--- c:\windows\system32\dorugeba.dll
2009-04-12 13:45 87,552 a--sh--- c:\windows\system32\pudomehi.dll
2009-04-12 13:45 51,200 a--sh--- c:\windows\system32\toraheke.exe
2009-04-12 01:45 87,552 a--sh--- c:\windows\system32\zatewada.dll
2009-04-12 01:45 51,200 a--sh--- c:\windows\system32\papulihe.exe
2009-04-11 13:45 87,552 a--sh--- c:\windows\system32\yejivoji.dll
2009-04-11 13:45 51,200 a--sh--- c:\windows\system32\yoduseya.exe
2009-04-11 01:45 87,552 a--sh--- c:\windows\system32\yutebigu.dll
2009-04-11 01:45 51,200 a--sh--- c:\windows\system32\rosotuse.exe
2009-04-10 13:44 87,552 a--sh--- c:\windows\system32\temekatu.dll
2009-04-10 13:44 51,200 a--sh--- c:\windows\system32\kogetagi.exe
2009-04-10 01:44 87,552 a--sh--- c:\windows\system32\juviyame.dll
2009-04-10 01:44 51,200 a--sh--- c:\windows\system32\pujosove.exe
2009-04-09 12:33 87,552 a--sh--- c:\windows\system32\zuziberi.dll
2009-04-09 00:27 49,152 a--sh--- c:\windows\system32\jikotato.dll
2009-04-09 00:26 87,552 a--sh--- c:\windows\system32\veyetidi.dll
2009-04-01 19:43 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-01 19:43 51,200 a------- c:\windows\inf\infpub.dat
2009-04-01 19:43 86,016 a------- c:\windows\inf\infstor.dat
2009-03-22 00:44 249,856 -------- c:\windows\Setup1.exe
2009-03-22 00:44 73,216 a------- c:\windows\ST6UNST.EXE
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-27 17:56 167,936 a------- c:\windows\system32\SpoonUninstall.exe
2009-02-27 17:56 17,871 a------- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-02-13 18:21 202,040 a------- c:\windows\system32\PnkBstrB.exe
2009-02-09 04:10 2,033,152 a------- c:\windows\system32\win32k.sys
2008-12-30 21:49 22,328 a------- c:\users\paulom~1\appdata\roaming\PnkBstrK.sys
2008-12-25 21:31 174 a--sh--- c:\program files\desktop.ini
2008-12-25 21:23 665,600 a------- c:\windows\inf\drvindex.dat
2007-01-18 05:46 332,682 a------- c:\windows\inf\perflib\0816\perfi.dat
2007-01-18 05:46 332,682 a------- c:\windows\inf\perflib\0816\perfh.dat
2007-01-18 05:46 39,514 a------- c:\windows\inf\perflib\0816\perfd.dat
2007-01-18 05:46 39,514 a------- c:\windows\inf\perflib\0816\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-28 16:54 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-12-28 16:54 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-12-28 16:54 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 17:27:05,48 ===============



Edited by fpnc, 15 April 2009 - 11:47 AM.


#4 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:06:16 AM

Posted 15 April 2009 - 04:46 PM

Hello, fpnc

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


This computer is quite heavily infected. Let's begin with ComboFix:

ComboFix

Please download ComboFix from one of these locations (If you already have it, delete it and download again):

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Note** ComboFix was designed only to be used under the supervision of a helper, not for general use.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#5 fpnc

fpnc
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:16 AM

Posted 15 April 2009 - 05:35 PM

Hello Jat

Here's the log you requested:

ComboFix 09-04-15.08 - Paulo Machado 15-04-2009 23:23.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3582.2663 [GMT 1:00]
Executando de: c:\users\Paulo Machado\Desktop\Inês\joao\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Paulo Machado\AppData\Roaming\inst.exe
c:\windows\system32\abegurod.ini
c:\windows\system32\aduripaf.ini
c:\windows\system32\dorugeba.dll
c:\windows\system32\drivers\ovfsthpcegtoximciixoxxcwlnruvvyakorxou.sys
c:\windows\system32\drivers\ovfsthywtxadpnvqvmpeienjofwmbafpkpkgxx.sys
c:\windows\system32\jikotato.dll
c:\windows\system32\juviyame.dll
c:\windows\system32\mopidozu.dll
c:\windows\system32\nusoyeta.dll
c:\windows\system32\ovfsthbsysixscbunpgwofkusxcnwprpijoptg.dll
c:\windows\system32\ovfsthfwrxfjbmylghctaicehvfvuleotqxbti.dll
c:\windows\system32\ovfsthhtiwbeoptvsbiokmeefxdmqwpjcdqrub.dll
c:\windows\system32\ovfsthjhfftunxljpporkuxodplqfxpycunwjv.dll
c:\windows\system32\ovfsthqtljlwxthuitqhbqcnymivmtenegewmf.dat
c:\windows\system32\ovfsthygewxvwflwwwwstjrqhbpiroimcwvomg.dat
c:\windows\system32\pudomehi.dll
c:\windows\system32\temekatu.dll
c:\windows\system32\vegozadi.dll
c:\windows\system32\veyetidi.dll
c:\windows\system32\wonutego.dll
c:\windows\system32\yejivoji.dll
c:\windows\system32\yidopamo.dll
c:\windows\system32\yutebigu.dll
c:\windows\system32\zatewada.dll
c:\windows\system32\zuziberi.dll

----- BITS: Possible infected sites -----

hxxp://82.98.235.208
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthvryqmvqdqekvevbcmiiqejoprwntdpbi
-------\Service_ovfsthyqfmfpctuanxtktragmotwroecmehugu


(((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 ))))))))))))))))))))))))))))
.

2009-04-15 18:11 . 2009-04-15 18:34 -------- d-----w c:\program files\AVI2ISO
2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\users\All Users\DVD Shrink
2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\programdata\DVD Shrink
2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\program files\DVD Shrink
2009-04-09 21:31 . 2009-04-11 13:31 108032 ----a-w C:\paret2.exe
2009-04-07 21:16 . 2009-04-08 11:41 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-06 12:31 . 2009-04-06 12:31 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Pro
2009-04-05 23:55 . 2009-04-15 11:14 116848982 ----a-w c:\windows\MEMORY.DMP
2009-04-05 21:47 . 2009-04-05 21:47 -------- d-----w c:\users\All Users\DAEMON Tools Lite
2009-04-05 21:47 . 2009-04-05 21:47 -------- d-----w c:\programdata\DAEMON Tools Lite
2009-04-05 21:46 . 2009-04-09 21:05 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-05 21:45 . 2009-04-05 21:46 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-05 21:45 . 2009-04-06 12:31 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Lite
2009-04-04 11:28 . 2009-04-04 11:28 -------- d-----w c:\program files\Trend Micro
2009-04-03 15:47 . 2009-04-03 15:47 -------- d-----w c:\windows\McAfee.com
2009-04-03 15:05 . 2009-04-03 15:05 -------- d-----w c:\windows\PCHEALTH
2009-04-03 15:03 . 2009-04-03 15:33 -------- d-----w c:\program files\Windows Live
2009-04-03 12:43 . 2009-04-03 12:43 -------- d-----w c:\program files\Safer Networking
2009-04-03 12:40 . 2009-04-04 12:46 326 ----a-w c:\windows\wininit.ini
2009-04-03 12:05 . 2009-04-05 15:33 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-04-03 12:05 . 2009-04-05 15:33 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-03 11:57 . 2009-04-03 11:57 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\Uniblue
2009-04-03 11:56 . 2009-04-03 12:04 -------- dc-h--w c:\users\All Users\~0
2009-04-03 11:56 . 2009-04-03 12:04 -------- dc-h--w c:\programdata\~0
2009-04-02 21:09 . 2009-04-03 11:38 -------- d-----w c:\users\Paulo Machado\Tracing
2009-04-02 21:08 . 2009-04-02 21:08 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 21:05 . 2009-04-02 21:05 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-01 18:43 . 2009-04-01 19:45 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\Vso
2009-04-01 18:43 . 2009-04-01 18:43 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-01 18:43 . 2009-04-01 18:43 47360 ----a-w c:\users\Paulo Machado\AppData\Roaming\pcouffin.sys
2009-04-01 18:43 . 2007-03-18 19:37 65602 ----a-w c:\windows\system32\cook3260.dll
2009-04-01 18:43 . 2006-09-29 11:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-01 18:43 . 2006-09-29 11:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-01 18:43 . 2006-09-29 11:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-01 18:43 . 2006-05-20 15:16 1184984 ----a-w c:\windows\system32\wvc1dmod.dll
2009-04-01 18:43 . 2006-05-11 18:21 626688 ----a-w c:\windows\system32\vp7vfw.dll
2009-04-01 18:43 . 2002-12-10 01:20 102439 ----a-w c:\windows\system32\sipr3260.dll
2009-04-01 18:43 . 2009-04-01 18:43 -------- d-----w c:\program files\VSO
2009-03-22 17:26 . 2005-08-30 01:49 94000 ----a-w c:\windows\system32\drivers\ssm_mdm.sys
2009-03-22 17:26 . 2005-08-30 01:49 8336 ----a-w c:\windows\system32\drivers\ssm_mdfl.sys
2009-03-22 17:26 . 2005-08-30 01:49 6176 ----a-w c:\windows\system32\drivers\ssm_cmnt.sys
2009-03-22 17:26 . 2005-08-30 01:49 6176 ----a-w c:\windows\system32\drivers\ssm_cm.sys
2009-03-22 17:24 . 2009-03-22 17:28 -------- d-----w c:\windows\system32\Samsung_USB_Drivers
2009-03-22 17:24 . 2005-08-28 20:51 766 ----a-w c:\windows\system32\Uninstall.ico
2009-03-20 23:11 . 2009-03-20 23:11 -------- d-----w c:\windows\Sun

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 22:28 . 2009-04-15 22:28 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-15 22:28 . 2009-04-15 22:28 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-15 22:28 . 2006-11-02 13:02 49152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-15 22:28 . 2006-11-02 13:02 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-15 22:28 . 2006-11-02 13:02 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-15 21:54 . 2009-01-26 00:58 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\dvdcss
2009-04-15 18:40 . 2007-01-18 04:49 654934 ----a-w c:\windows\System32\prfh0816.dat
2009-04-15 18:40 . 2007-01-18 04:49 132082 ----a-w c:\windows\System32\prfc0816.dat
2009-04-15 18:36 . 2009-01-24 20:20 -------- d-----w c:\program files\XviD MPEG-4 Video Codec 1.2.0
2009-04-15 18:35 . 2009-01-24 20:02 -------- d-----w c:\program files\AviSynth 2.5
2009-04-15 17:06 . 2009-01-03 21:33 -------- d-----w c:\program files\Steam
2009-04-12 12:45 . 2009-01-12 12:45 51200 --sha-w c:\windows\System32\toraheke.exe
2009-04-12 12:45 . 2009-01-12 12:45 51200 --sha-w c:\windows\System32\toraheke.exe
2009-04-12 00:45 . 2009-01-12 00:45 51200 --sha-w c:\windows\System32\papulihe.exe
2009-04-12 00:45 . 2009-01-12 00:45 51200 --sha-w c:\windows\System32\papulihe.exe
2009-04-11 12:45 . 2009-01-11 12:45 51200 --sha-w c:\windows\System32\yoduseya.exe
2009-04-11 12:45 . 2009-01-11 12:45 51200 --sha-w c:\windows\System32\yoduseya.exe
2009-04-11 00:45 . 2009-01-11 00:45 51200 --sha-w c:\windows\System32\rosotuse.exe
2009-04-11 00:45 . 2009-01-11 00:45 51200 --sha-w c:\windows\System32\rosotuse.exe
2009-04-10 12:44 . 2009-01-10 12:44 51200 --sha-w c:\windows\System32\kogetagi.exe
2009-04-10 12:44 . 2009-01-10 12:44 51200 --sha-w c:\windows\System32\kogetagi.exe
2009-04-10 00:44 . 2009-01-10 00:44 51200 --sha-w c:\windows\System32\pujosove.exe
2009-04-10 00:44 . 2009-01-10 00:44 51200 --sha-w c:\windows\System32\pujosove.exe
2009-04-09 21:06 . 2008-12-23 21:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 19:09 . 2008-12-23 20:42 680 ----a-w c:\users\Paulo Machado\AppData\Local\d3d9caps.dat
2009-04-06 12:43 . 2009-02-05 23:58 -------- d-----w c:\program files\Java
2009-04-06 12:31 . 2008-12-28 15:33 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools
2009-04-05 15:54 . 2009-04-05 15:54 8433 ----a-w C:\hijackthis.log
2009-04-03 15:04 . 2008-12-26 22:53 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-03 15:02 . 2008-12-26 22:51 -------- d-----w c:\programdata\WLInstaller
2009-04-03 12:04 . 2009-02-27 16:49 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-02 16:27 . 2008-12-28 15:52 -------- d-----w c:\program files\McAfee
2009-04-01 18:43 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-01 18:43 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-01 18:43 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-29 15:29 . 2009-01-20 23:45 230424 ----a-w C:\img2-001.raw
2009-03-22 17:21 . 2009-02-11 12:07 -------- d-----w c:\program files\Common Files\Adobe
2009-03-21 23:44 . 2009-01-20 19:26 -------- d-----w c:\program files\SubSync
2009-03-21 23:44 . 2009-01-20 19:26 249856 ------w c:\windows\Setup1.exe
2009-03-21 23:44 . 2009-01-20 19:26 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-19 20:12 . 2009-01-12 20:22 48 --sh--w c:\windows\SBE112F39.tmp
2009-03-18 16:22 . 2009-01-03 21:33 -------- d-----w c:\program files\Common Files\Steam
2009-03-12 20:25 . 2009-01-28 23:40 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\Hamachi
2009-03-12 17:49 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 . 2009-02-05 23:58 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 23:08 . 2009-03-08 23:08 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\teamspeak2
2009-02-27 16:56 . 2009-02-27 16:56 17871 ----a-w c:\windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-02-27 16:56 . 2009-02-27 16:56 167936 ----a-w c:\windows\System32\SpoonUninstall.exe
2009-02-27 16:56 . 2009-02-27 16:56 -------- d-----w c:\program files\Illustrate
2009-02-27 16:49 . 2009-02-27 16:49 -------- d-----w c:\program files\DVDVideoSoft
2009-02-27 15:50 . 2009-02-27 15:50 -------- d-----w c:\programdata\eMule
2009-02-27 15:50 . 2009-02-27 15:50 -------- d-----w c:\program files\eMule
2009-02-18 21:13 . 2008-12-23 20:42 56728 ----a-w c:\users\Paulo Machado\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-13 17:21 . 2008-12-30 20:48 202040 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-09 03:10 . 2009-03-11 11:45 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-30 20:49 . 2008-12-30 20:49 22328 ----a-w c:\users\Paulo Machado\AppData\Roaming\PnkBstrK.sys
2008-12-25 20:31 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-03-25 14131200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Paulo Machado^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Paulo Machado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 21:10 46632 ----a-w c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 13:26 484904 ----a-w c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 ----a-w c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 21:12 30248 ----a-w c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 13:46 255528 ----a-w c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 09:03 210472 ----a-w c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 ----a-w c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1130331581-1154666309-3599531796-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{67A44428-8E3C-4E2F-8096-8A7FEFD888AF}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"UDP Query User{BB953416-7053-4397-ACA3-6848F4C66C5D}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"{CB29AAE3-C879-4965-9584-99A6D2CB562A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{E39BE721-5CDA-4037-949C-D8255BF12F55}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{41F518AF-6619-475C-9571-7AE32D503553}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7E0F28FE-3BAA-482C-8717-E03CE31FEFAA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{345CB6E6-67E2-4D04-9620-74D5D486F9F3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8A60D238-6FC9-45F6-842E-762E1C4F25C3}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{EE506C63-7222-4C03-9AA3-0CBC5C9AB3A2}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{8B10CCD6-0E15-4DA6-9686-2ABEF2833063}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C959D744-95CC-4AAB-912D-019D22837FEB}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2FF38F3F-A204-4A70-8C4A-C05773FE5AE4}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B79FE053-1C6F-4452-9A91-1B621D7E859F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{F29318F3-57B0-40E5-B1C1-CDB4D879558D}"= UDP:c:\windows\explorer.exe:Explorer
"{3A8387B3-5E21-403A-B01E-377F3079396F}"= TCP:c:\windows\explorer.exe:Explorer
"{5DE32FDB-C968-4EB8-9CBE-7D14623AB039}"= UDP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4CD3435D-AAD7-41AD-A68D-E8525291A5CF}"= TCP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4AF792AE-81E1-4C2F-AD59-42204C3DA3FE}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{FFABDF6C-081F-4D75-BC00-92B40780A83B}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{04DC8800-C282-451F-9FEC-A701637483BF}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{ABCEAE1D-9459-4DF6-92F6-5D6320D14CA8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{CA3C2CB3-CB47-4D24-9CD7-21235544BA49}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{931F6369-FEB2-4911-B8EF-F86C2C2F045B}"= UDP:c:\windows\System32\wininit.exe:wininit
"{31BEE82B-623A-4FD6-810F-2BF4FC1FC226}"= TCP:c:\windows\System32\wininit.exe:wininit
"{A52613FC-8C13-4032-8F19-0D15642E47E9}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{47BA3F39-3B61-452F-A482-3C3A1C5E8D76}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{58F3643E-A491-4F8A-B1DE-90A9DB4DC485}"= UDP:c:\windows\System32\services.exe:services
"{3952E4EF-6AB9-42A1-B415-465D1B27B121}"= TCP:c:\windows\System32\services.exe:services
"{0BB51D01-E942-4411-9C21-2B6F40816568}"= UDP:c:\windows\System32\services.exe:services
"{40BB5D3C-C509-47B5-8E10-FAEA38C48533}"= TCP:c:\windows\System32\services.exe:services
"{46603B7B-3C9B-4923-8296-6112CBAEA290}"= UDP:c:\windows\System32\lsass.exe:lsass
"{8EEF70C8-D19C-41AA-829F-C171A939F596}"= TCP:c:\windows\System32\lsass.exe:lsass
"{FEEB1D79-EA81-4655-A2D8-1530C0CEAFE1}"= UDP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{8582C608-FE0E-42FE-BEB1-5BB16824FBEF}"= TCP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{964530BF-4818-4B67-BF13-DBEA850CEFEC}"= UDP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{2210A3C2-6B33-4685-B081-DCC8B7C9F35D}"= TCP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{7B3EDE70-0871-4EF1-B94A-AA1CC9F91439}"= UDP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{17AD1397-5975-494E-9355-94D789E7CA9A}"= TCP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{3214D0D9-C7CD-470D-A706-52431F048D2F}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{754847D7-B6E4-4351-84C7-3AEA97434079}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{36395B9A-C60C-48AB-B8C4-5726E6A9C719}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{064E850C-4682-465E-818F-D553E683E231}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{77F92F00-7B90-4623-B2E7-645727230791}"= UDP:c:\windows\explorer.exe:Explorer
"{F8063591-42AB-4143-8E5F-F2F0D6317663}"= TCP:c:\windows\explorer.exe:Explorer
"{A32F622D-25F0-477E-A5FF-B1B73CA84EA6}"= UDP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{E26E5B36-3E35-4C9B-98EC-F54F1A007E06}"= TCP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{BBBB5268-C05B-4BFE-BAEA-31536E76D7D8}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{5799FA8B-B384-483D-A66C-88C127FBAB20}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{C4606F59-A627-4BFB-98BA-731B30DB55F6}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{C97C069A-2F0D-4469-B5DF-1640115E54DD}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{A2A313F6-5C48-4345-98E0-69C0B217EF9F}"= UDP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{05A601D6-6206-4B59-A7ED-B6C219CEEA16}"= TCP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 SliceDisk5;SliceDisk5; [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [2008-09-23 48128]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-02-14 250880]


--- ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68006ea1-d139-11dd-a5da-806e6f6e6963}]
\shell\AutoRun\command - D:\SETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b31bee84-0f47-11de-95f6-806e6f6e6963}]
\shell\AutoRun\command - D:\SETUP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-19 10:53]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-19 10:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c25d9cb2-0225-4173-848e-1cf5cdfd610f} - c:\windows\system32\vegozadi.dll
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mopidozu.dll
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww.google.pt/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 23:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(424)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\System32\rundll32.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-04-15 23:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 22:32

Pre-Run: 69.479.682.048 bytes free
Post-Run: 69.768.572.928 bytes free

344 --- E O F --- 2009-03-12 17:49
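
The log above is long, but a helper reads it for a short list of indicators. The Python script below is an added example (it is not part of this thread and not ComboFix code) that pulls those indicators out of a ComboFix log: executables in System32 that carry both the system and hidden attribute, groups of such files with a byte-identical size, file names built from four consonant-vowel pairs like the ones deleted above, the site listed under the BITS section, and the registry values showing UAC and the Windows Firewall switched off on every profile. SAMPLE_LOG is a constructed excerpt of lines copied from the log above with the section headers in English; the name pattern and the identical-size rule are heuristics assumed for this example, not anything ComboFix itself reports.

```python
"""Pull the indicators a helper looks for out of a ComboFix log.
Added example, not ComboFix code; the name and size rules are heuristics."""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the log above, headers in English.
SAMPLE_LOG = r"""
----- BITS: Possible infected sites -----

hxxp://82.98.235.208
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 22:28 . 2009-04-15 22:28 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-12 12:45 . 2009-01-12 12:45 51200 --sha-w c:\windows\System32\toraheke.exe
2009-04-12 00:45 . 2009-01-12 00:45 51200 --sha-w c:\windows\System32\papulihe.exe
2009-04-11 12:45 . 2009-01-11 12:45 51200 --sha-w c:\windows\System32\yoduseya.exe
2009-02-13 17:21 . 2008-12-30 20:48 202040 ----a-w c:\windows\System32\PnkBstrB.exe
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# A file line: two timestamps, size (dashes for a directory), 7-char attribute field, path.
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                       r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{7}) (?P<path>.+?)\s*$")
# Assumed heuristic: the dropped names above are four consonant-vowel pairs (toraheke, vegozadi).
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}\.(?:exe|dll)$")
DEFANGED_URL = re.compile(r"hxxps?://\S+")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\S+)')


def file_entries(text):
    """Yield (path, size, attrs) for every file line in the log (directories skipped)."""
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m and m.group("size").isdigit():
            yield m.group("path"), int(m.group("size")), m.group("attrs")


def hidden_system_executables(text):
    """Executables flagged both system ('s', column 3) and hidden ('h', column 4),
    i.e. an attribute field like --sha-w; unusual for a legitimate System32 binary."""
    return [(p, size) for p, size, attrs in file_entries(text)
            if p.lower().endswith(".exe") and attrs[2] == "s" and attrs[3] == "h"]


def identical_size_groups(entries):
    """Group (path, size) pairs by size: copies of one dropper share an exact size."""
    groups = defaultdict(list)
    for path, size in entries:
        groups[size].append(path)
    return {size: paths for size, paths in groups.items() if len(paths) > 1}


def random_named_files(text):
    """Paths whose file name fits the consonant-vowel pattern."""
    return [p for p, _, _ in file_entries(text) if CV_NAME.match(p.rsplit("\\", 1)[-1].lower())]


def bits_sites(text):
    """Sites under the BITS section, left defanged (hxxp) as ComboFix prints them."""
    return DEFANGED_URL.findall(text)


def weakened_settings(text):
    """Registry values in the log that turn protection off, with the key they sit under."""
    findings, key = [], None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        if name == "EnableLUA" and value == "0":
            findings.append(("UAC disabled", key))
        elif name == "EnableFirewall" and value == "0":
            findings.append(("Windows Firewall off", key.rsplit("\\", 1)[-1]))
        elif name == "UpdatesDisableNotify" and value.endswith("1"):
            findings.append(("Windows Update notifications off", key))
    return findings


def triage(text):
    hidden = hidden_system_executables(text)
    return {"hidden_system_exes": hidden,
            "same_size_groups": identical_size_groups(hidden),
            "random_names": random_named_files(text),
            "bits_sites": bits_sites(text),
            "weakened_settings": weakened_settings(text)}


if __name__ == "__main__":
    for heading, items in triage(SAMPLE_LOG).items():
        print(heading, items)
```

To run it against a real C:\ComboFix.txt, pass the file's contents to triage() instead of SAMPLE_LOG. A hit from hidden_system_executables() is a candidate to hash and keep before ComboFix quarantines it, not proof of infection on its own; the three settings findings (UAC off, firewall off on all three profiles, update notifications off) are the ones to put back after cleanup.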

#6 Jat90
  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 15 April 2009 - 05:43 PM

Hello,

Looks better:

CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\System32\toraheke.exe
c:\windows\System32\papulihe.exe
c:\windows\System32\yoduseya.exe
c:\windows\System32\rosotuse.exe
c:\windows\System32\kogetagi.exe
c:\windows\System32\pujosove.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

ESET Online Scan

Please go to the ESET website to perform an online scan. Please use Internet Explorer, as the scanner uses ActiveX.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.


In your next reply, please post:
  • ComboFix log
  • DDS log

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

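Once a CFScript names files for removal, ComboFix moves them into its quarantine and the originals are gone from their paths. The Python below is an added example, not ComboFix code and not from this thread, that reads the File:: block of a CFScript.txt like the one above and records size, the Windows hidden/system attribute bits and a SHA-256 for every listed file that still exists, so the sample can be identified or submitted to a scanner after the cleanup. It parses only the File:: directive and passes over any other CFScript directive; SAMPLE_CFSCRIPT is a constructed copy of two lines from the script above, and self_check() writes a throwaway stub file (not real malware) into a temporary directory to show the flow end to end. The attribute bits are only reported on Windows, where os.stat exposes st_file_attributes; elsewhere they read as cleared.

```python
"""Snapshot the files a CFScript names before ComboFix removes them.
Added example, not ComboFix code."""
import hashlib
import os
import tempfile

FILE_ATTRIBUTE_HIDDEN = 0x2   # Win32 attribute bits as documented for GetFileAttributes
FILE_ATTRIBUTE_SYSTEM = 0x4

# Constructed copy of two lines from the CFScript posted above.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\System32\toraheke.exe
c:\windows\System32\papulihe.exe
"""


def parse_file_directive(text):
    """Return the paths listed under 'File::'; any other 'Name::' directive ends the block."""
    paths, in_file = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            in_file = line.lower() == "file::"
            continue
        if in_file:
            paths.append(line)
    return paths


def sha256_of(path):
    """Hash the file in chunks so a large dropper does not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(paths):
    """Map each path to an evidence record, or None when the file is not present."""
    records = {}
    for path in paths:
        try:
            st = os.stat(path)
        except OSError:
            records[path] = None
            continue
        attrs = getattr(st, "st_file_attributes", 0)   # Windows only; 0 elsewhere
        records[path] = {"size": st.st_size,
                         "hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN),
                         "system": bool(attrs & FILE_ATTRIBUTE_SYSTEM),
                         "sha256": sha256_of(path)}
    return records


def snapshot_cfscript(text):
    return snapshot(parse_file_directive(text))


def self_check():
    """Create a stub file, snapshot it alongside a missing path, and return
    (record of the stub, record of the missing path, independently computed hash)."""
    stub = b"MZ" + b"\x90" * 100   # constructed stand-in, not a real sample
    with tempfile.TemporaryDirectory() as d:
        present = os.path.join(d, "toraheke.exe")
        with open(present, "wb") as f:
            f.write(stub)
        missing = os.path.join(d, "papulihe.exe")
        records = snapshot_cfscript("File::\n%s\n%s\n" % (present, missing))
    return records[present], records[missing], hashlib.sha256(stub).hexdigest()


if __name__ == "__main__":
    for path, rec in snapshot_cfscript(SAMPLE_CFSCRIPT).items():
        print(path, rec if rec else "(not present)")
```

Run it on the infected machine before dragging CFScript.txt onto ComboFix; on this thread's Vista box the hidden and system flags should come back True for the six 51200-byte files, and the hashes give you something to search for or submit later even though the files themselves end up in ComboFix's quarantine.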

#7 fpnc
  • Topic Starter
  • Members
  • 14 posts

Posted 15 April 2009 - 08:33 PM

By DDS log you meant the ESET log, right?
Or another DDS log like I posted before?

If I did it wrong, no problem posting a DDS log or doing it all again. Sorry :)


COMBOFIX LOG


ComboFix 09-04-15.08 - Paulo Machado 16-04-2009 1:39.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3582.2621 [GMT 1:00]
Running from: c:\users\Paulo Machado\Desktop\Inês\joao\ComboFix.exe
Command switches used :: c:\users\Paulo Machado\Desktop\Inês\joao\CFScript.txt

FILE ::
c:\windows\System32\kogetagi.exe
c:\windows\System32\papulihe.exe
c:\windows\System32\pujosove.exe
c:\windows\System32\rosotuse.exe
c:\windows\System32\toraheke.exe
c:\windows\System32\yoduseya.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthcsuwckxemtuqwcothrpnyruscrhlrkjx.sys
c:\windows\System32\kogetagi.exe
c:\windows\system32\ovfsthenijcwbittbpfamftnkiwwbhhcrmijbe.dat
c:\windows\system32\ovfsthkroqeepniscqyefpthmpwxilipbrxrnn.dll
c:\windows\system32\ovfsthkxpsemujvorxkdkbodgpttjvwwhcsmbf.dat
c:\windows\system32\ovfsthstexxqxkifipyhsjovuujgvmnwuqsent.dll
c:\windows\system32\ovfsthxxeibejrestvswqwprotpvsxcvayvaya.dll
c:\windows\System32\papulihe.exe
c:\windows\System32\pujosove.exe
c:\windows\System32\rosotuse.exe
c:\windows\System32\toraheke.exe
c:\windows\System32\yoduseya.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthyqfmfpctuanxtktragmotwroecmehugu


(((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 ))))))))))))))))))))))))))))
.

2009-04-15 18:11 . 2009-04-15 18:34 -------- d-----w c:\program files\AVI2ISO
2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\users\All Users\DVD Shrink
2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\programdata\DVD Shrink
2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\program files\DVD Shrink
2009-04-09 21:31 . 2009-04-11 13:31 108032 ----a-w C:\paret2.exe
2009-04-07 21:16 . 2009-04-08 11:41 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-06 12:31 . 2009-04-06 12:31 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Pro
2009-04-05 23:55 . 2009-04-15 11:14 116848982 ----a-w c:\windows\MEMORY.DMP
2009-04-05 21:47 . 2009-04-05 21:47 -------- d-----w c:\users\All Users\DAEMON Tools Lite
2009-04-05 21:47 . 2009-04-05 21:47 -------- d-----w c:\programdata\DAEMON Tools Lite
2009-04-05 21:46 . 2009-04-09 21:05 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-05 21:45 . 2009-04-05 21:46 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-05 21:45 . 2009-04-06 12:31 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Lite
2009-04-04 11:28 . 2009-04-04 11:28 -------- d-----w c:\program files\Trend Micro
2009-04-03 15:47 . 2009-04-03 15:47 -------- d-----w c:\windows\McAfee.com
2009-04-03 15:05 . 2009-04-03 15:05 -------- d-----w c:\windows\PCHEALTH
2009-04-03 15:03 . 2009-04-03 15:33 -------- d-----w c:\program files\Windows Live
2009-04-03 12:43 . 2009-04-03 12:43 -------- d-----w c:\program files\Safer Networking
2009-04-03 12:40 . 2009-04-04 12:46 326 ----a-w c:\windows\wininit.ini
2009-04-03 12:05 . 2009-04-05 15:33 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-04-03 12:05 . 2009-04-05 15:33 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-03 11:57 . 2009-04-03 11:57 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\Uniblue
2009-04-03 11:56 . 2009-04-03 12:04 -------- dc-h--w c:\users\All Users\~0
2009-04-03 11:56 . 2009-04-03 12:04 -------- dc-h--w c:\programdata\~0
2009-04-02 21:09 . 2009-04-03 11:38 -------- d-----w c:\users\Paulo Machado\Tracing
2009-04-02 21:08 . 2009-04-02 21:08 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 21:05 . 2009-04-02 21:05 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-01 18:43 . 2009-04-01 19:45 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\Vso
2009-04-01 18:43 . 2009-04-01 18:43 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-01 18:43 . 2009-04-01 18:43 47360 ----a-w c:\users\Paulo Machado\AppData\Roaming\pcouffin.sys
2009-04-01 18:43 . 2007-03-18 19:37 65602 ----a-w c:\windows\system32\cook3260.dll
2009-04-01 18:43 . 2006-09-29 11:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-01 18:43 . 2006-09-29 11:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-01 18:43 . 2006-09-29 11:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-01 18:43 . 2006-05-20 15:16 1184984 ----a-w c:\windows\system32\wvc1dmod.dll
2009-04-01 18:43 . 2006-05-11 18:21 626688 ----a-w c:\windows\system32\vp7vfw.dll
2009-04-01 18:43 . 2002-12-10 01:20 102439 ----a-w c:\windows\system32\sipr3260.dll
2009-04-01 18:43 . 2009-04-01 18:43 -------- d-----w c:\program files\VSO
2009-03-22 17:26 . 2005-08-30 01:49 94000 ----a-w c:\windows\system32\drivers\ssm_mdm.sys
2009-03-22 17:26 . 2005-08-30 01:49 8336 ----a-w c:\windows\system32\drivers\ssm_mdfl.sys
2009-03-22 17:26 . 2005-08-30 01:49 6176 ----a-w c:\windows\system32\drivers\ssm_cmnt.sys
2009-03-22 17:26 . 2005-08-30 01:49 6176 ----a-w c:\windows\system32\drivers\ssm_cm.sys
2009-03-22 17:24 . 2009-03-22 17:28 -------- d-----w c:\windows\system32\Samsung_USB_Drivers
2009-03-22 17:24 . 2005-08-28 20:51 766 ----a-w c:\windows\system32\Uninstall.ico
2009-03-20 23:11 . 2009-03-20 23:11 -------- d-----w c:\windows\Sun

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 00:38 . 2009-04-16 00:38 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-16 00:38 . 2009-04-16 00:38 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-16 00:38 . 2006-11-02 13:02 49152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-16 00:38 . 2006-11-02 13:02 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-16 00:38 . 2006-11-02 13:02 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-16 00:37 . 2007-01-18 04:49 654934 ----a-w c:\windows\System32\prfh0816.dat
2009-04-16 00:37 . 2007-01-18 04:49 132082 ----a-w c:\windows\System32\prfc0816.dat
2009-04-15 23:52 . 2009-01-03 21:33 -------- d-----w c:\program files\Steam
2009-04-15 21:54 . 2009-01-26 00:58 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\dvdcss
2009-04-15 18:36 . 2009-01-24 20:20 -------- d-----w c:\program files\XviD MPEG-4 Video Codec 1.2.0
2009-04-15 18:35 . 2009-01-24 20:02 -------- d-----w c:\program files\AviSynth 2.5
2009-04-09 21:06 . 2008-12-23 21:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 19:09 . 2008-12-23 20:42 680 ----a-w c:\users\Paulo Machado\AppData\Local\d3d9caps.dat
2009-04-06 12:43 . 2009-02-05 23:58 -------- d-----w c:\program files\Java
2009-04-06 12:31 . 2008-12-28 15:33 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools
2009-04-05 15:54 . 2009-04-05 15:54 8433 ----a-w C:\hijackthis.log
2009-04-03 15:04 . 2008-12-26 22:53 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-03 15:02 . 2008-12-26 22:51 -------- d-----w c:\programdata\WLInstaller
2009-04-03 12:04 . 2009-02-27 16:49 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-02 16:27 . 2008-12-28 15:52 -------- d-----w c:\program files\McAfee
2009-04-01 18:43 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-01 18:43 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-01 18:43 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-29 15:29 . 2009-01-20 23:45 230424 ----a-w C:\img2-001.raw
2009-03-22 17:21 . 2009-02-11 12:07 -------- d-----w c:\program files\Common Files\Adobe
2009-03-21 23:44 . 2009-01-20 19:26 -------- d-----w c:\program files\SubSync
2009-03-21 23:44 . 2009-01-20 19:26 249856 ------w c:\windows\Setup1.exe
2009-03-21 23:44 . 2009-01-20 19:26 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-19 20:12 . 2009-01-12 20:22 48 --sh--w c:\windows\SBE112F39.tmp
2009-03-18 16:22 . 2009-01-03 21:33 -------- d-----w c:\program files\Common Files\Steam
2009-03-12 20:25 . 2009-01-28 23:40 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\Hamachi
2009-03-12 17:49 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 . 2009-02-05 23:58 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 23:08 . 2009-03-08 23:08 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\teamspeak2
2009-02-27 16:56 . 2009-02-27 16:56 17871 ----a-w c:\windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-02-27 16:56 . 2009-02-27 16:56 167936 ----a-w c:\windows\System32\SpoonUninstall.exe
2009-02-27 16:56 . 2009-02-27 16:56 -------- d-----w c:\program files\Illustrate
2009-02-27 16:49 . 2009-02-27 16:49 -------- d-----w c:\program files\DVDVideoSoft
2009-02-27 15:50 . 2009-02-27 15:50 -------- d-----w c:\programdata\eMule
2009-02-27 15:50 . 2009-02-27 15:50 -------- d-----w c:\program files\eMule
2009-02-18 21:13 . 2008-12-23 20:42 56728 ----a-w c:\users\Paulo Machado\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-13 17:21 . 2008-12-30 20:48 202040 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-09 03:10 . 2009-03-11 11:45 2033152 ----a-w c:\windows\System32\win32k.sys
2008-12-30 20:49 . 2008-12-30 20:49 22328 ----a-w c:\users\Paulo Machado\AppData\Roaming\PnkBstrK.sys
2008-12-25 20:31 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-04-15_22.28.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18226_none_f35dec30ba31667b\mshtmler.dll
+ 2008-12-25 18:20 . 2008-01-19 07:33 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18226_none_ae22877d06d0b3c6\admparse.dll
+ 2008-12-24 10:19 . 2008-12-24 10:19 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\WininetPlugin.dll
+ 2008-12-23 21:09 . 2009-04-16 00:40 43310 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-16 00:40 73352 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-04-15 22:22 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-04-16 00:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-04-15 22:22 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-04-16 00:38 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-04-16 00:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-04-15 22:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-25 18:20 . 2008-01-19 07:33 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
+ 2008-12-23 20:43 . 2009-04-16 00:40 8226 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1130331581-1154666309-3599531796-1000_UserData.bin
+ 2009-04-16 00:22 . 2009-04-16 00:22 4316 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\5466C31D6E9F5813D0E6EECB48AEB809E6DB7AC9\5466C31D6E9F5813D0E6EECB48AEB809E6DB7AC9\Data.dat
- 2009-04-15 22:02 . 2009-04-15 22:02 4790 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\46E6C6F5B21AB7C775233AB319556E94B3AA8CEE\46E6C6F5B21AB7C775233AB319556E94B3AA8CEE\Data.dat
+ 2009-04-16 00:14 . 2009-04-16 00:14 4790 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\46E6C6F5B21AB7C775233AB319556E94B3AA8CEE\46E6C6F5B21AB7C775233AB319556E94B3AA8CEE\Data.dat
+ 2009-04-16 00:31 . 2009-04-16 00:31 6038 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
- 2009-04-15 21:55 . 2009-04-15 21:55 6038 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
- 2009-04-15 21:55 . 2009-04-15 21:55 5952 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1A3A2A5ED2CFC8590C0060C5C31BCCC2B8A60B86\1A3A2A5ED2CFC8590C0060C5C31BCCC2B8A60B86\Data.dat
+ 2009-04-16 00:34 . 2009-04-16 00:34 5952 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1A3A2A5ED2CFC8590C0060C5C31BCCC2B8A60B86\1A3A2A5ED2CFC8590C0060C5C31BCCC2B8A60B86\Data.dat
+ 2009-04-16 00:19 . 2009-04-16 00:19 5152 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\10E0F88A7198DBB9F42187A3C4BCD6C24493B7D8\10E0F88A7198DBB9F42187A3C4BCD6C24493B7D8\Data.dat
+ 2009-04-16 00:38 . 2009-04-16 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-16 00:38 . 2009-04-16 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-25 18:22 . 2008-01-19 07:43 441400 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\ksecdd.sys
+ 2006-11-02 08:43 . 2006-11-02 09:51 407144 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\ksecdd.sys
+ 2006-11-02 08:43 . 2006-11-02 09:51 407144 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\ksecdd.sys
+ 2008-12-24 10:19 . 2008-12-24 10:19 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18226_none_6492d24fae29d383\ieui.dll
+ 2008-12-24 10:18 . 2008-12-24 10:18 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18226_none_479410098c8efa7d\sqmapi.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18226_none_ae22877d06d0b3c6\ieakui.dll
- 2007-01-18 04:49 . 2009-04-15 18:40 654934 c:\windows\System32\prfh0816.dat
+ 2007-01-18 04:49 . 2009-04-16 00:37 654934 c:\windows\System32\prfh0816.dat
+ 2007-01-18 04:49 . 2009-04-16 00:37 132082 c:\windows\System32\prfc0816.dat
- 2007-01-18 04:49 . 2009-04-15 18:40 132082 c:\windows\System32\prfc0816.dat
+ 2006-11-02 10:33 . 2009-04-16 00:37 591476 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-15 18:40 591476 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-15 18:40 105356 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-16 00:37 105356 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:47 . 2009-04-16 00:39 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-15 22:28 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-15 22:28 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-16 00:40 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-24 10:19 . 2008-12-24 10:19 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21023_none_fa22b17087c34c89\ieapfltr.dat
+ 2008-12-24 10:19 . 2008-12-24 10:19 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16830_none_f98b6bb96eb04969\ieapfltr.dat
+ 2006-11-02 10:22 . 2009-04-16 00:32 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-04-03 15:37 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-12-25 13:51 . 2009-04-15 22:34 145519371 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-03-25 14131200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Paulo Machado^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Paulo Machado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 21:10 46632 ----a-w c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 13:26 484904 ----a-w c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 ----a-w c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 21:12 30248 ----a-w c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 13:46 255528 ----a-w c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 09:03 210472 ----a-w c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 ----a-w c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1130331581-1154666309-3599531796-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{67A44428-8E3C-4E2F-8096-8A7FEFD888AF}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"UDP Query User{BB953416-7053-4397-ACA3-6848F4C66C5D}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"{CB29AAE3-C879-4965-9584-99A6D2CB562A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{E39BE721-5CDA-4037-949C-D8255BF12F55}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{41F518AF-6619-475C-9571-7AE32D503553}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7E0F28FE-3BAA-482C-8717-E03CE31FEFAA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{345CB6E6-67E2-4D04-9620-74D5D486F9F3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8A60D238-6FC9-45F6-842E-762E1C4F25C3}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{EE506C63-7222-4C03-9AA3-0CBC5C9AB3A2}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{8B10CCD6-0E15-4DA6-9686-2ABEF2833063}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C959D744-95CC-4AAB-912D-019D22837FEB}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2FF38F3F-A204-4A70-8C4A-C05773FE5AE4}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B79FE053-1C6F-4452-9A91-1B621D7E859F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{F29318F3-57B0-40E5-B1C1-CDB4D879558D}"= UDP:c:\windows\explorer.exe:Explorer
"{3A8387B3-5E21-403A-B01E-377F3079396F}"= TCP:c:\windows\explorer.exe:Explorer
"{5DE32FDB-C968-4EB8-9CBE-7D14623AB039}"= UDP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4CD3435D-AAD7-41AD-A68D-E8525291A5CF}"= TCP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4AF792AE-81E1-4C2F-AD59-42204C3DA3FE}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{FFABDF6C-081F-4D75-BC00-92B40780A83B}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{04DC8800-C282-451F-9FEC-A701637483BF}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{ABCEAE1D-9459-4DF6-92F6-5D6320D14CA8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{CA3C2CB3-CB47-4D24-9CD7-21235544BA49}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{931F6369-FEB2-4911-B8EF-F86C2C2F045B}"= UDP:c:\windows\System32\wininit.exe:wininit
"{31BEE82B-623A-4FD6-810F-2BF4FC1FC226}"= TCP:c:\windows\System32\wininit.exe:wininit
"{A52613FC-8C13-4032-8F19-0D15642E47E9}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{47BA3F39-3B61-452F-A482-3C3A1C5E8D76}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{58F3643E-A491-4F8A-B1DE-90A9DB4DC485}"= UDP:c:\windows\System32\services.exe:services
"{3952E4EF-6AB9-42A1-B415-465D1B27B121}"= TCP:c:\windows\System32\services.exe:services
"{0BB51D01-E942-4411-9C21-2B6F40816568}"= UDP:c:\windows\System32\services.exe:services
"{40BB5D3C-C509-47B5-8E10-FAEA38C48533}"= TCP:c:\windows\System32\services.exe:services
"{46603B7B-3C9B-4923-8296-6112CBAEA290}"= UDP:c:\windows\System32\lsass.exe:lsass
"{8EEF70C8-D19C-41AA-829F-C171A939F596}"= TCP:c:\windows\System32\lsass.exe:lsass
"{FEEB1D79-EA81-4655-A2D8-1530C0CEAFE1}"= UDP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{8582C608-FE0E-42FE-BEB1-5BB16824FBEF}"= TCP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{964530BF-4818-4B67-BF13-DBEA850CEFEC}"= UDP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{2210A3C2-6B33-4685-B081-DCC8B7C9F35D}"= TCP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{7B3EDE70-0871-4EF1-B94A-AA1CC9F91439}"= UDP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{17AD1397-5975-494E-9355-94D789E7CA9A}"= TCP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{3214D0D9-C7CD-470D-A706-52431F048D2F}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{754847D7-B6E4-4351-84C7-3AEA97434079}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{36395B9A-C60C-48AB-B8C4-5726E6A9C719}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{064E850C-4682-465E-818F-D553E683E231}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{77F92F00-7B90-4623-B2E7-645727230791}"= UDP:c:\windows\explorer.exe:Explorer
"{F8063591-42AB-4143-8E5F-F2F0D6317663}"= TCP:c:\windows\explorer.exe:Explorer
"{A32F622D-25F0-477E-A5FF-B1B73CA84EA6}"= UDP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{E26E5B36-3E35-4C9B-98EC-F54F1A007E06}"= TCP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{BBBB5268-C05B-4BFE-BAEA-31536E76D7D8}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{5799FA8B-B384-483D-A66C-88C127FBAB20}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{C4606F59-A627-4BFB-98BA-731B30DB55F6}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{C97C069A-2F0D-4469-B5DF-1640115E54DD}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{A2A313F6-5C48-4345-98E0-69C0B217EF9F}"= UDP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{05A601D6-6206-4B59-A7ED-B6C219CEEA16}"= TCP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 SliceDisk5;SliceDisk5; [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [2008-09-23 48128]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-02-14 250880]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68006ea1-d139-11dd-a5da-806e6f6e6963}]
\shell\AutoRun\command - D:\SETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b31bee84-0f47-11de-95f6-806e6f6e6963}]
\shell\AutoRun\command - D:\SETUP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-19 10:53]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-19 10:53]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://ww.google.pt/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 01:41
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos:

**************************************************************************
.
Tempo para conclusão: 2009-04-16 1:43
ComboFix-quarantined-files.txt 2009-04-16 00:43
ComboFix2.txt 2009-04-15 22:32

Pré-execução: 69.608.222.720 bytes livres
Pós execução: 69.607.002.112 bytes livres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
331 --- E O F --- 2009-03-12 17:49


ESET LOG


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4011 (20090415)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a39d09d3afcb9f458274ac81de0a1174
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-04-16 01:27:23
# local_time=2009-04-16 02:27:23 (+0000, Hora de Verão de GMT)
# country="Portugal"
# osver=6.0.6001 NT Service Pack 1
# scanned=301446
# found=4
# scan_time=2053
C:\paret2.exe Win32/Adware.Virtumonde application A8145ADEB3D3AD266BA153F7F581DA2D
C:\paret2.exe »CAB »noj.exe Win32/Adware.Virtumonde application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Windows\System32\abegurod.ini.vir Win32/Adware.Virtumonde.NEO~datafile application 5C3CF644B260E0514C0AD3FBEC71E751
C:\Qoobox\Quarantine\C\Windows\System32\aduripaf.ini.vir Win32/Adware.Virtumonde.NEO~datafile application FB4AFAA4C995B8DB1A5846329F7317DA

#8 Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 16 April 2009 - 05:59 AM

Hello,

Yes, I meant the ESET log, sorry. Let's do this:

CFScript

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\paret2.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
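The CFScript above lists only C:\paret2.exe even though the ESET log reported four detections: the "»CAB »noj.exe" entry lives inside paret2.exe, and the two .vir files are already in ComboFix's Qoobox quarantine, so removing the one container is enough. The Python below is an added example, not code from this thread, from ComboFix or from ESET. It parses ESET Online Scanner log lines in the format posted above (a trimmed copy of that log is embedded as the sample input), applies the same selection rule, and emits the File:: block. Calling the third column "category" and treating `remove_checked` as the scanner's "Remove found threats" option are my assumptions.

```python
"""Parse an ESET Online Scanner log and build the ComboFix 'File::' list.

Added example (not code from this thread, ComboFix or ESET). It reproduces
the selection made in the thread: of four detections, only paret2.exe is an
on-disk file that is neither inside an archive nor already quarantined.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Trimmed copy of the ESET log posted in this thread (a few header lines
# and the four detection lines); used here as the sample input.
SAMPLE_ESET_LOG = r"""
# version=4
# end=finished
# remove_checked=false
# found=4
C:\paret2.exe Win32/Adware.Virtumonde application A8145ADEB3D3AD266BA153F7F581DA2D
C:\paret2.exe »CAB »noj.exe Win32/Adware.Virtumonde application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Windows\System32\abegurod.ini.vir Win32/Adware.Virtumonde.NEO~datafile application 5C3CF644B260E0514C0AD3FBEC71E751
C:\Qoobox\Quarantine\C\Windows\System32\aduripaf.ini.vir Win32/Adware.Virtumonde.NEO~datafile application FB4AFAA4C995B8DB1A5846329F7317DA
"""

MD5_RE = re.compile(r"^[0-9A-Fa-f]{32}$")

# Folder where ComboFix keeps what it already removed (seen in the log above).
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


@dataclass
class Detection:
    path: str                                   # outermost file on disk
    inner: List[str] = field(default_factory=list)  # entries inside an archive, e.g. ['CAB', 'noj.exe']
    threat: str = ""                            # ESET detection name
    category: str = ""                          # third column; assumed to be the object category
    md5: Optional[str] = None                   # None when the scanner printed an all-zero hash


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split a log into its '# key=value' header and its detection records."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
            continue
        # Paths may contain spaces, so peel the three fixed fields off the right.
        cols = line.rsplit(None, 3)
        if len(cols) != 4 or not MD5_RE.match(cols[3]):
            continue  # not a detection line
        location, threat, category, md5 = cols
        # '»' separates the on-disk container from entries found inside it.
        parts = [p.strip() for p in location.split("»")]
        detections.append(Detection(
            path=parts[0],
            inner=parts[1:],
            threat=threat,
            category=category,
            md5=None if set(md5) == {"0"} else md5.upper(),
        ))
    return header, detections


def select_cfscript_files(detections: List[Detection]) -> List[str]:
    """Keep only on-disk files that still need handling."""
    chosen: List[str] = []
    for d in detections:
        if d.inner:
            continue  # inside an archive: removing the container covers it
        if d.path.lower().startswith(QUARANTINE_PREFIX):
            continue  # already in ComboFix's quarantine
        if d.path not in chosen:
            chosen.append(d.path)
    return chosen


def build_cfscript(files: List[str]) -> str:
    """Render the 'File::' section in the form ComboFix reads from CFScript.txt."""
    return "File::\n" + "".join(f + "\n" for f in files)


def cfscript_from_eset_log(text: str) -> str:
    header, detections = parse_eset_log(text)
    # Assumed semantics: remove_checked=true means the scanner removed the
    # files itself, so there is nothing left to script.
    if header.get("remove_checked", "").lower() == "true":
        return ""
    return build_cfscript(select_cfscript_files(detections))


if __name__ == "__main__":
    print(cfscript_from_eset_log(SAMPLE_ESET_LOG), end="")
```

Run stand-alone, the script prints the same two-line File:: block that Jat90 asked for; the dropped detections are kept in the parsed records, so a helper can still report them (with their MD5s) without scheduling a second deletion.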


#9 fpnc

  • Topic Starter
  • Members
  • 14 posts

Posted 16 April 2009 - 06:06 AM

It says there's a new ComboFix version.

Do I update it or not?

#10 Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 16 April 2009 - 06:28 AM

Shouldn't be necessary now; we are nearly done :thumbup2:
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#11 fpnc

  • Topic Starter
  • Members
  • 14 posts

Posted 16 April 2009 - 06:37 AM

ComboFix 09-04-15.08 - Paulo Machado 16-04-2009 12:31.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3582.2672 [GMT 1:00]
Executando de: c:\users\Paulo Machado\Desktop\Inês\joao\ComboFix.exe
Comandos utilizados :: c:\users\Paulo Machado\Desktop\Inês\joao\CFScript.txt
* Criado um novo ponto de restauro

FILE ::
C:\paret2.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\paret2.exe
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\drivers\ovfsthywtxadpnvqvmpeienjofwmbafpkpkgxx.sys
c:\windows\system32\ovfsthdcbqtpduebpdbhbsodivodftuajbpypl.dll
c:\windows\system32\ovfsthdihjqxynycuknfmbuxifqiwwfiqolcnu.dll
c:\windows\system32\ovfsthenijcwbittbpfamftnkiwwbhhcrmijbe.dat
c:\windows\system32\ovfsthfcppgskppuoqmyrtepprbaloonmebbwr.dll
c:\windows\system32\ovfsthfwrxfjbmylghctaicehvfvuleotqxbti.dll
c:\windows\system32\ovfsthhtiwbeoptvsbiokmeefxdmqwpjcdqrub.dll
c:\windows\system32\ovfsthhtrdxieqseobtvhrhgdsinlpbmvqpgxb.dll
c:\windows\system32\ovfsthjhfftunxljpporkuxodplqfxpycunwjv.dll
c:\windows\system32\ovfsthkroqeepniscqyefpthmpwxilipbrxrnn.dll
c:\windows\system32\ovfsthkxpsemujvorxkdkbodgpttjvwwhcsmbf.dat
c:\windows\system32\ovfsthncysvjpgtiaintnheoqvntqerawcqybq.dat
c:\windows\system32\ovfsthnerqipbrgnpuijtpbikxnsutfqhxphwt.dll
c:\windows\system32\ovfsthopfeduwvpywbsdkxpdyesirafpumubia.dat
c:\windows\system32\ovfsthpfxkrxdutpcveucdaprwdcwuwiawexvr.dat
c:\windows\system32\ovfsthqtljlwxthuitqhbqcnymivmtenegewmf.dat
c:\windows\system32\ovfsthrdptrmbioxigtmvfqckrcbsyuoxibyeg.dll
c:\windows\system32\ovfsthstexxqxkifipyhsjovuujgvmnwuqsent.dll
c:\windows\system32\ovfsthuxodeeoaxbenuibgglhboemptbsjgwio.dat
c:\windows\system32\ovfsthxxeibejrestvswqwprotpvsxcvayvaya.dll
c:\windows\system32\ovfsthygewxvwflwwwwstjrqhbpiroimcwvomg.dat

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-16 to 2009-04-16 ))))))))))))))))))))))))))))
.

2009-04-16 10:45 . 2009-04-16 10:45 118 ----a-w c:\windows\system32\MRT.INI
2009-04-16 00:51 . 2009-04-16 01:27 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-15 18:11 . 2009-04-15 18:34 -------- d-----w c:\program files\AVI2ISO
2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\users\All Users\DVD Shrink
2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\programdata\DVD Shrink
2009-04-14 21:29 . 2009-04-14 21:29 -------- d-----w c:\program files\DVD Shrink
2009-04-07 21:16 . 2009-04-08 11:41 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-06 12:31 . 2009-04-06 12:31 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Pro
2009-04-05 23:55 . 2009-04-15 11:14 116848982 ----a-w c:\windows\MEMORY.DMP
2009-04-05 21:47 . 2009-04-05 21:47 -------- d-----w c:\users\All Users\DAEMON Tools Lite
2009-04-05 21:47 . 2009-04-05 21:47 -------- d-----w c:\programdata\DAEMON Tools Lite
2009-04-05 21:46 . 2009-04-09 21:05 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-05 21:45 . 2009-04-05 21:46 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-05 21:45 . 2009-04-06 12:31 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\DAEMON Tools Lite
2009-04-04 11:28 . 2009-04-04 11:28 -------- d-----w c:\program files\Trend Micro
2009-04-03 15:47 . 2009-04-03 15:47 -------- d-----w c:\windows\McAfee.com
2009-04-03 15:05 . 2009-04-03 15:05 -------- d-----w c:\windows\PCHEALTH
2009-04-03 15:03 . 2009-04-03 15:33 -------- d-----w c:\program files\Windows Live
2009-04-03 12:43 . 2009-04-03 12:43 -------- d-----w c:\program files\Safer Networking
2009-04-03 12:40 . 2009-04-04 12:46 326 ----a-w c:\windows\wininit.ini
2009-04-03 12:05 . 2009-04-05 15:33 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-04-03 12:05 . 2009-04-05 15:33 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-03 11:57 . 2009-04-03 11:57 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\Uniblue
2009-04-03 11:56 . 2009-04-03 12:04 -------- dc-h--w c:\users\All Users\~0
2009-04-03 11:56 . 2009-04-03 12:04 -------- dc-h--w c:\programdata\~0
2009-04-02 21:09 . 2009-04-03 11:38 -------- d-----w c:\users\Paulo Machado\Tracing
2009-04-02 21:08 . 2009-04-02 21:08 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 21:05 . 2009-04-02 21:05 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-01 18:43 . 2009-04-01 19:45 -------- d-----w c:\users\Paulo Machado\AppData\Roaming\Vso
2009-04-01 18:43 . 2009-04-01 18:43 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-01 18:43 . 2009-04-01 18:43 47360 ----a-w c:\users\Paulo Machado\AppData\Roaming\pcouffin.sys
2009-04-01 18:43 . 2007-03-18 19:37 65602 ----a-w c:\windows\system32\cook3260.dll
2009-04-01 18:43 . 2006-09-29 11:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-01 18:43 . 2006-09-29 11:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-01 18:43 . 2006-09-29 11:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-01 18:43 . 2006-05-20 15:16 1184984 ----a-w c:\windows\system32\wvc1dmod.dll
2009-04-01 18:43 . 2006-05-11 18:21 626688 ----a-w c:\windows\system32\vp7vfw.dll
2009-04-01 18:43 . 2002-12-10 01:20 102439 ----a-w c:\windows\system32\sipr3260.dll
2009-04-01 18:43 . 2009-04-01 18:43 -------- d-----w c:\program files\VSO
2009-03-22 17:26 . 2005-08-30 01:49 94000 ----a-w c:\windows\system32\drivers\ssm_mdm.sys
2009-03-22 17:26 . 2005-08-30 01:49 8336 ----a-w c:\windows\system32\drivers\ssm_mdfl.sys
2009-03-22 17:26 . 2005-08-30 01:49 6176 ----a-w c:\windows\system32\drivers\ssm_cmnt.sys
2009-03-22 17:26 . 2005-08-30 01:49 6176 ----a-w c:\windows\system32\drivers\ssm_cm.sys
2009-03-22 17:24 . 2009-03-22 17:28 -------- d-----w c:\windows\system32\Samsung_USB_Drivers
2009-03-22 17:24 . 2005-08-28 20:51 766 ----a-w c:\windows\system32\Uninstall.ico
2009-03-20 23:11 . 2009-03-20 23:11 -------- d-----w c:\windows\Sun

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 11:30 . 2006-11-02 13:02 49152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
((((((((((((((((((((((((((((( SnapShot_2009-04-16_00.41.42 )))))))))))))))))))))))))))))))))))))))))
+ 2009-04-15 22:34 . 2009-03-03 04:14 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21023_none_acc2bce622caa9dc\ieakui.dll
+ 2009-04-15 22:34 . 2009-03-03 04:14 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21023_none_acc2bce622caa9dc\ieaksie.dll
+ 2009-04-15 22:34 . 2009-03-03 04:16 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16830_none_ac2b772f09b7a6bc\ieakui.dll
+ 2009-04-15 22:34 . 2009-03-03 04:16 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16830_none_ac2b772f09b7a6bc\ieaksie.dll
+ 2009-04-15 22:34 . 2009-03-03 04:28 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22389_none_748c904a70d3905c\iedkcs32.dll
+ 2009-04-15 22:34 . 2009-03-03 04:37 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18226_none_7440d2295787fce7\iedkcs32.dll
+ 2009-04-15 22:34 . 2009-03-03 04:14 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21023_none_72e107927381f2fd\iedkcs32.dll
+ 2009-04-15 22:34 . 2009-03-03 04:16 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16830_none_7249c1db5a6eefdd\iedkcs32.dll
+ 2009-04-15 22:34 . 2009-03-03 04:32 827904 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\wininet.dll
+ 2009-04-15 22:34 . 2009-03-03 04:40 827392 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\wininet.dll
+ 2009-04-15 22:34 . 2009-03-03 04:18 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\wininet.dll
+ 2009-04-15 22:34 . 2009-03-03 04:20 826368 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\wininet.dll
+ 2009-04-15 22:34 . 2009-03-03 04:30 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22389_none_e101ca7595c90871\mstime.dll
+ 2009-04-15 22:34 . 2009-03-03 04:38 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18226_none_e0b60c547c7d74fc\mstime.dll
+ 2009-04-15 22:34 . 2009-03-03 04:16 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21023_none_df5641bd98776b12\mstime.dll
+ 2009-04-15 22:34 . 2009-03-03 04:18 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16830_none_debefc067f6467f2\mstime.dll
+ 2009-04-15 22:34 . 2008-06-06 03:23 562176 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.22197_none_4d223d3bd2ae154b\msdtcprx.dll
+ 2009-04-15 22:34 . 2008-06-06 03:27 562176 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18085_none_4ca16fc8b98a26e2\msdtcprx.dll
+ 2009-04-15 22:34 . 2008-06-06 03:21 500736 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.20852_none_4b623eb9d56b930a\msdtcprx.dll
+ 2009-04-15 22:34 . 2008-06-05 04:50 500736 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.16697_none_4ab261cabc69e490\msdtcprx.dll
+ 2009-04-15 22:34 . 2009-03-03 04:32 551424 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
+ 2009-04-15 22:34 . 2009-03-03 04:39 551424 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
+ 2009-04-15 22:34 . 2009-03-03 04:17 550400 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
+ 2009-04-15 22:34 . 2009-03-03 04:19 549888 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
+ 2009-04-15 22:34 . 2009-03-03 04:13 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21023_none_aa5c00930ed54e40\advpack.dll
+ 2009-04-15 22:34 . 2009-03-03 04:15 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16830_none_a9c4badbf5c24b20\advpack.dll
+ 2009-04-15 22:34 . 2009-03-03 04:40 827392 c:\windows\System32\wininet.dll
- 2009-02-12 02:26 . 2009-01-15 06:11 827392 c:\windows\System32\wininet.dll
- 2008-12-25 18:22 . 2008-01-19 07:36 376832 c:\windows\System32\winhttp.dll
+ 2009-04-15 22:34 . 2008-12-06 04:42 376832 c:\windows\System32\winhttp.dll
+ 2009-04-15 22:34 . 2009-03-03 02:16 247296 c:\windows\System32\wbem\WmiPrvSE.exe
+ 2009-04-15 22:34 . 2009-03-03 04:40 499200 c:\windows\System32\wbem\WmiPrvSD.dll
+ 2009-04-15 22:34 . 2009-03-03 04:40 129024 c:\windows\System32\wbem\WmiDcPrv.dll
+ 2009-04-15 22:34 . 2009-03-03 04:36 615424 c:\windows\System32\wbem\fastprox.dll
+ 2004-12-07 09:11 . 2004-12-07 09:11 258352 c:\windows\System32\unicows.dll
+ 2009-04-15 22:34 . 2009-03-03 04:39 183296 c:\windows\System32\sdohlp.dll
- 2008-12-25 18:22 . 2008-01-19 07:36 183296 c:\windows\System32\sdohlp.dll
+ 2009-04-15 22:34 . 2009-03-03 04:39 551424 c:\windows\System32\rpcss.dll
+ 2009-04-15 22:34 . 2009-03-03 03:04 666624 c:\windows\System32\printfilterpipelinesvc.exe
- 2007-01-18 04:49 . 2009-04-16 00:37 654934 c:\windows\System32\prfh0816.dat
+ 2007-01-18 04:49 . 2009-04-16 10:52 654934 c:\windows\System32\prfh0816.dat
+ 2007-01-18 04:49 . 2009-04-16 10:52 132082 c:\windows\System32\prfc0816.dat
- 2007-01-18 04:49 . 2009-04-16 00:37 132082 c:\windows\System32\prfc0816.dat
- 2006-11-02 10:33 . 2009-04-16 00:37 591476 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-16 10:52 591476 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-16 00:37 105356 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-16 10:52 105356 c:\windows\System32\perfc009.dat
+ 2008-02-08 12:53 . 2008-02-08 12:53 110592 c:\windows\System32\OnlineScannerLang.dll
+ 2008-02-11 08:39 . 2008-02-11 08:39 237568 c:\windows\System32\OnlineScannerDLLW.dll
+ 2008-02-11 08:39 . 2008-02-11 08:39 253952 c:\windows\System32\OnlineScannerDLLA.dll
+ 2009-04-15 22:34 . 2009-03-03 04:39 102912 c:\windows\System32\occache.dll
- 2008-12-25 18:21 . 2008-01-19 07:36 102912 c:\windows\System32\occache.dll
- 2009-02-12 02:26 . 2009-01-15 06:08 671232 c:\windows\System32\mstime.dll
+ 2009-04-15 22:34 . 2009-03-03 04:38 671232 c:\windows\System32\mstime.dll
+ 2009-04-15 22:34 . 2009-03-03 04:38 458240 c:\windows\System32\msfeeds.dll
- 2009-02-12 02:26 . 2009-01-15 06:08 458240 c:\windows\System32\msfeeds.dll
+ 2009-04-15 22:34 . 2008-06-06 03:27 562176 c:\windows\System32\msdtcprx.dll
+ 2005-12-05 11:37 . 2005-12-05 11:37 106496 c:\windows\System32\lnod32upd.dll
+ 2005-12-05 18:25 . 2005-12-05 18:25 139264 c:\windows\System32\lnod32umc.dll
+ 2007-07-27 13:49 . 2007-07-27 13:49 225355 c:\windows\System32\lnod32apiW.dll
+ 2007-07-27 13:49 . 2007-07-27 13:49 196683 c:\windows\System32\lnod32apiA.dll
+ 2009-04-15 22:34 . 2009-02-13 08:49 888832 c:\windows\System32\kernel32.dll
+ 2009-04-15 22:34 . 2009-03-03 04:37 270336 c:\windows\System32\iertutil.dll
- 2009-02-12 02:26 . 2009-01-15 06:07 270336 c:\windows\System32\iertutil.dll
+ 2009-04-15 22:34 . 2009-03-03 04:37 389120 c:\windows\System32\iedkcs32.dll
- 2008-12-25 18:21 . 2008-01-19 07:34 230400 c:\windows\System32\ieaksie.dll
+ 2009-04-15 22:34 . 2009-03-03 04:37 230400 c:\windows\System32\ieaksie.dll
+ 2006-11-02 12:47 . 2009-04-16 10:48 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-16 00:39 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-16 10:48 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-16 00:40 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-15 22:34 . 2009-03-03 04:37 3548656 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntoskrnl.exe
+ 2009-04-15 22:34 . 2009-03-03 04:37 3600880 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntkrnlpa.exe
+ 2009-04-15 22:34 . 2009-03-03 04:46 3547632 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntoskrnl.exe
+ 2009-04-15 22:34 . 2009-03-03 04:46 3599328 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntkrnlpa.exe
+ 2009-04-15 22:34 . 2009-03-03 04:22 3471328 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntoskrnl.exe
+ 2009-04-15 22:34 . 2009-03-03 04:22 3505120 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntkrnlpa.exe
+ 2009-04-15 22:34 . 2009-03-03 04:24 3469280 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntoskrnl.exe
+ 2009-04-15 22:34 . 2009-03-03 04:24 3503584 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntkrnlpa.exe
+ 2009-04-15 22:34 . 2009-03-13 22:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22395_none_f2b56ce184dc676b\OESpamFilter.dat
+ 2009-04-15 22:34 . 2009-03-13 22:26 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18229_none_f27b80b26b826966\OESpamFilter.dat
+ 2009-04-15 22:34 . 2009-03-13 22:24 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21027_none_f11cb665877b78d3\OESpamFilter.dat
+ 2009-04-15 22:34 . 2009-03-13 22:24 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16833_none_f08470646e695c5c\OESpamFilter.dat
+ 2009-04-15 22:34 . 2009-02-13 08:21 1257472 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsasrv.dll
+ 2009-04-15 22:34 . 2009-02-13 08:49 1255936 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsasrv.dll
+ 2009-04-15 22:34 . 2009-02-13 07:13 1234432 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsasrv.dll
+ 2009-04-15 22:34 . 2009-02-13 07:26 1233408 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsasrv.dll
+ 2009-04-15 22:34 . 2009-03-03 04:28 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22389_none_64de9070c77566f8\ieframe.dll
+ 2009-04-15 22:34 . 2009-03-03 04:37 6068736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18226_none_6492d24fae29d383\ieframe.dll
+ 2009-04-15 22:34 . 2009-03-03 04:14 6068736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21023_none_633307b8ca23c999\ieframe.dll
+ 2009-04-15 22:34 . 2009-03-03 04:16 6066176 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16830_none_629bc201b110c679\ieframe.dll
+ 2009-04-15 22:34 . 2009-03-03 04:30 3581440 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22389_none_137f366d3b7fd8cb\mshtml.dll
+ 2009-04-15 22:34 . 2009-03-03 04:38 3580928 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18226_none_1333784c22344556\mshtml.dll
+ 2009-04-15 22:34 . 2009-03-03 04:15 3596800 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21023_none_11d3adb53e2e3b6c\mshtml.dll
+ 2009-04-15 22:34 . 2009-03-03 04:17 3595264 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16830_none_113c67fe251b384c\mshtml.dll
+ 2009-04-15 22:34 . 2009-03-03 04:32 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22389_none_b51f3bacf0204902\urlmon.dll
+ 2009-04-15 22:34 . 2009-03-03 04:40 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18226_none_b4d37d8bd6d4b58d\urlmon.dll
+ 2009-04-15 22:34 . 2009-03-03 04:18 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21023_none_b373b2f4f2ceaba3\urlmon.dll
+ 2009-04-15 22:34 . 2009-03-03 04:20 1160192 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16830_none_b2dc6d3dd9bba883\urlmon.dll
- 2009-02-12 02:26 . 2009-01-15 06:11 1166336 c:\windows\System32\urlmon.dll
+ 2009-04-15 22:34 . 2009-03-03 04:40 1166336 c:\windows\System32\urlmon.dll
- 2006-11-02 10:22 . 2009-04-16 00:32 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-04-16 10:48 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-04-15 22:34 . 2009-03-03 04:46 3547632 c:\windows\System32\ntoskrnl.exe
+ 2009-04-15 22:34 . 2009-03-03 04:46 3599328 c:\windows\System32\ntkrnlpa.exe
+ 2009-04-15 22:34 . 2009-03-03 04:38 3580928 c:\windows\System32\mshtml.dll
+ 2009-04-15 22:34 . 2009-02-13 08:49 1255936 c:\windows\System32\lsasrv.dll
- 2008-12-25 18:23 . 2008-01-19 07:36 1255936 c:\windows\System32\lsasrv.dll
+ 2009-04-15 22:34 . 2009-03-03 04:37 6068736 c:\windows\System32\ieframe.dll
+ 2009-04-16 11:31 . 2009-04-16 11:31 6336512 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-04-16 10:44 . 2009-04-06 06:57 24921544 c:\windows\System32\MRT.exe
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-03-25 14131200]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Paulo Machado^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Paulo Machado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 21:10 46632 ----a-w c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 13:26 484904 ----a-w c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 ----a-w c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 21:12 30248 ----a-w c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 13:46 255528 ----a-w c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 09:03 210472 ----a-w c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 ----a-w c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1130331581-1154666309-3599531796-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{67A44428-8E3C-4E2F-8096-8A7FEFD888AF}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"UDP Query User{BB953416-7053-4397-ACA3-6848F4C66C5D}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Barra lateral do Windows
"{CB29AAE3-C879-4965-9584-99A6D2CB562A}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{E39BE721-5CDA-4037-949C-D8255BF12F55}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{41F518AF-6619-475C-9571-7AE32D503553}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7E0F28FE-3BAA-482C-8717-E03CE31FEFAA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{345CB6E6-67E2-4D04-9620-74D5D486F9F3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8A60D238-6FC9-45F6-842E-762E1C4F25C3}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{EE506C63-7222-4C03-9AA3-0CBC5C9AB3A2}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{8B10CCD6-0E15-4DA6-9686-2ABEF2833063}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C959D744-95CC-4AAB-912D-019D22837FEB}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2FF38F3F-A204-4A70-8C4A-C05773FE5AE4}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B79FE053-1C6F-4452-9A91-1B621D7E859F}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{F29318F3-57B0-40E5-B1C1-CDB4D879558D}"= UDP:c:\windows\explorer.exe:Explorer
"{3A8387B3-5E21-403A-B01E-377F3079396F}"= TCP:c:\windows\explorer.exe:Explorer
"{5DE32FDB-C968-4EB8-9CBE-7D14623AB039}"= UDP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4CD3435D-AAD7-41AD-A68D-E8525291A5CF}"= TCP:c:\program files\McAfee\VirusScan\mcvsmap.exe:mcvsmap
"{4AF792AE-81E1-4C2F-AD59-42204C3DA3FE}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{FFABDF6C-081F-4D75-BC00-92B40780A83B}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{04DC8800-C282-451F-9FEC-A701637483BF}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{ABCEAE1D-9459-4DF6-92F6-5D6320D14CA8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{CA3C2CB3-CB47-4D24-9CD7-21235544BA49}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{931F6369-FEB2-4911-B8EF-F86C2C2F045B}"= UDP:c:\windows\System32\wininit.exe:wininit
"{31BEE82B-623A-4FD6-810F-2BF4FC1FC226}"= TCP:c:\windows\System32\wininit.exe:wininit
"{A52613FC-8C13-4032-8F19-0D15642E47E9}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{47BA3F39-3B61-452F-A482-3C3A1C5E8D76}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{58F3643E-A491-4F8A-B1DE-90A9DB4DC485}"= UDP:c:\windows\System32\services.exe:services
"{3952E4EF-6AB9-42A1-B415-465D1B27B121}"= TCP:c:\windows\System32\services.exe:services
"{0BB51D01-E942-4411-9C21-2B6F40816568}"= UDP:c:\windows\System32\services.exe:services
"{40BB5D3C-C509-47B5-8E10-FAEA38C48533}"= TCP:c:\windows\System32\services.exe:services
"{46603B7B-3C9B-4923-8296-6112CBAEA290}"= UDP:c:\windows\System32\lsass.exe:lsass
"{8EEF70C8-D19C-41AA-829F-C171A939F596}"= TCP:c:\windows\System32\lsass.exe:lsass
"{FEEB1D79-EA81-4655-A2D8-1530C0CEAFE1}"= UDP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{8582C608-FE0E-42FE-BEB1-5BB16824FBEF}"= TCP:c:\program files\McAfee\MSC\mcmscsvc.exe:mcmscsvc
"{964530BF-4818-4B67-BF13-DBEA850CEFEC}"= UDP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{2210A3C2-6B33-4685-B081-DCC8B7C9F35D}"= TCP:c:\program files\McAfee\MPF\MpfSrv.exe:MPFSrv
"{7B3EDE70-0871-4EF1-B94A-AA1CC9F91439}"= UDP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{17AD1397-5975-494E-9355-94D789E7CA9A}"= TCP:c:\windows\System32\Ati2evxx.exe:Ati2evxx
"{3214D0D9-C7CD-470D-A706-52431F048D2F}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{754847D7-B6E4-4351-84C7-3AEA97434079}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{36395B9A-C60C-48AB-B8C4-5726E6A9C719}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{064E850C-4682-465E-818F-D553E683E231}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{77F92F00-7B90-4623-B2E7-645727230791}"= UDP:c:\windows\explorer.exe:Explorer
"{F8063591-42AB-4143-8E5F-F2F0D6317663}"= TCP:c:\windows\explorer.exe:Explorer
"{A32F622D-25F0-477E-A5FF-B1B73CA84EA6}"= UDP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{E26E5B36-3E35-4C9B-98EC-F54F1A007E06}"= TCP:c:\program files\Microsoft LifeCam\MSCamS32.exe:MSCamS32
"{BBBB5268-C05B-4BFE-BAEA-31536E76D7D8}"= UDP:c:\combofix\NirCmd.cfexe:NirCmd
"{5799FA8B-B384-483D-A66C-88C127FBAB20}"= TCP:c:\combofix\NirCmd.cfexe:NirCmd
"{C4606F59-A627-4BFB-98BA-731B30DB55F6}"= UDP:c:\windows\System32\dwm.exe:Dwm
"{C97C069A-2F0D-4469-B5DF-1640115E54DD}"= TCP:c:\windows\System32\dwm.exe:Dwm
"{A2A313F6-5C48-4345-98E0-69C0B217EF9F}"= UDP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore
"{05A601D6-6206-4B59-A7ED-B6C219CEEA16}"= TCP:c:\program files\McAfee\SiteAdvisor\McSACore.exe:McSACore

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 SliceDisk5;SliceDisk5; [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1E60x86.sys [2008-09-23 48128]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-02-14 250880]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68006ea1-d139-11dd-a5da-806e6f6e6963}]
\shell\AutoRun\command - D:\SETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b31bee84-0f47-11de-95f6-806e6f6e6963}]
\shell\AutoRun\command - D:\SETUP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-19 10:53]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-19 10:53]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://ww.google.pt/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 12:33
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...


c:\users\PAULOM~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

Varredura completada com sucesso
arquivos/ficheiros ocultos: 1

**************************************************************************
.
Tempo para conclusão: 2009-04-16 12:35
ComboFix-quarantined-files.txt 2009-04-16 11:35
ComboFix2.txt 2009-04-16 00:43
ComboFix3.txt 2009-04-15 22:32

Pré-execução: 68.919.103.488 bytes livres
Pós execução: 68.686.704.640 bytes livres

614 --- E O F --- 2009-04-16 10:46
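The log above records several weakened settings a responder would want to revert after cleanup (EnableLUA=0, EnableFirewall=0 on every profile, UpdatesDisableNotify=1, and AutoRun commands on mount points). As an added example, not part of this thread or of ComboFix itself, here is a small parser that reads the "Registry loading points" section in ComboFix's format and flags those settings; the sample log is a constructed, trimmed copy of the format posted above, and the expected values are the editor's hardening baseline.

```python
"""Audit the registry section of a ComboFix log for weakened security settings.

Added example, not code from the thread or from ComboFix. The SAMPLE_LOG is a
constructed excerpt that mirrors the format of the log posted above.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in ComboFix's "Registry loading points" format.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68006ea1-d139-11dd-a5da-806e6f6e6963}]
\shell\AutoRun\command - D:\SETUP.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches the three value spellings ComboFix uses:
#   "Name"= 0 (0x0)   "Name"=dword:00000001   "Name"="c:\path" [date size]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Bare AutoRun lines under mountpoints2 keys carry no value name.
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(.+)$")


def parse_loading_points(text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {value name: raw value text}} for the section.
    AutoRun command lines are stored under the synthetic name 'AutoRun'."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        if current is None:
            continue  # value line before any key header; ignore
        m = VALUE_RE.match(line)
        if m:
            keys[current][m.group(1)] = m.group(2).strip()
            continue
        m = AUTORUN_RE.match(line)
        if m:
            keys[current]["AutoRun"] = m.group(1).strip()
    return keys


def as_int(raw: str) -> Optional[int]:
    """Normalise '0 (0x0)' and 'dword:00000001' to an integer; None if neither."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def audit(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Flag settings that weaken the host's defences as (key, message) pairs."""
    findings: List[Tuple[str, str]] = []
    for key, values in keys.items():
        lk = key.lower()
        if lk.endswith(r"policies\system") and as_int(values.get("EnableLUA", "1")) == 0:
            findings.append((key, "UAC disabled (EnableLUA=0); expected 1"))
        if "firewallpolicy" in lk and as_int(values.get("EnableFirewall", "1")) == 0:
            findings.append((key, "firewall disabled for this profile; expected EnableFirewall=1"))
        if lk.endswith("security center") and as_int(values.get("UpdatesDisableNotify", "0")) == 1:
            findings.append((key, "update notifications suppressed (UpdatesDisableNotify=1); expected 0"))
        if "mountpoints2" in lk and "AutoRun" in values:
            findings.append((key, "AutoRun command registered: " + values["AutoRun"]))
    return findings


if __name__ == "__main__":
    for key, message in audit(parse_loading_points(SAMPLE_LOG)):
        print(f"{message}\n    at {key}")
```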

#12 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:06:16 AM

Posted 17 April 2009 - 05:20 AM

Hello,

Looks good. How is your pc now?

Congratulations, you are now clean! :thumbup2:

We should tidy up our mess though.

Uninstall ComboFix
  • Go to Start, then click Run
  • In the box, type: Combofix /u
  • Press Enter or click ok, and ComboFix will uninstall. Refer to the picture below if unsure.

Other Deletions

Locate where you saved DDS.exe, right click the file and select Delete.



Take a read of this excellent tutorial:

Simple and easy ways to keep your computer safe and secure on the Internet


Disable and Enable System Restore.

You should disable and re-enable system restore to make sure there are no infected files found in a restore point. You should now create a new restore point, since your system is clean.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide

Visit Microsoft's Windows Update Site Frequently
  • It is important that you visit http://www.windowsupdate.com regularly.
  • This will ensure your computer always has the latest security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
System still slow?

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Next, I would recommend the download and installation of some (I would say two is enough) of the following programs:

Spybot© - Search and Destroy
  • This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
  • You should also scan your computer with the program on a regular basis, just as you would with anti-virus software.
SUPERAntiSpyware
  • You should also scan your computer with the program on a regular basis, just as you would with anti-virus software, in conjunction with Spybot.
  • Each antispyware product has different detection rates for different infections; using different products therefore increases your chances of finding and killing most malware.
MalwareBytes' Anti-Malware
  • Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect.
  • Ability to perform full scans for all drives.
  • The "Quick Scan" option lets the user scan the computer quickly checking for the most damaging threats and completing in usually under 10 minutes.
Javacools© SpywareBlaster
  • SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings that will protect you from running and downloading known malicious programs.
Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

Glad I could Help :)
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#13 fpnc

fpnc
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:16 AM

Posted 17 April 2009 - 07:12 AM

my pc is ok now :thumbup2:

got my system speed back and all seems ok..no more popups and stuff eheh

thx jad for your help :)

topic can be closed if u guys want
thx a lot

#14 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:06:16 AM

Posted 17 April 2009 - 07:22 AM

No Problem :thumbup2:

Since the problem appears to be resolved, this topic is now Closed. Glad I could help.
If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.




