Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm infected - "am I infected" couldnt solve the problem


  • This topic is locked This topic is locked
59 replies to this topic

#1 skizzo

skizzo

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 18 April 2009 - 11:38 AM

Referred here from: http://www.bleepingcomputer.com/forums/t/218785/i-think-i-have-a-keylogger-problem/ ~ OB

Hello there. I first posted on "Am I Infected" because I had a keylogger problem. That was solved, but apparently the member working with me said I was still infected which was the reason my computer slowed down in the past couple of weeks. He said he couldnt find the AntiVirusSentry file with all the MAMB and SAS scans I did after getting rid of my other problems, so he sent me here. I know my computer is slow, only have 512 of RAM and some of my drivers and BIOS need updates, but its never been this slow. Sometimes while opening a new window, the internet freezes (quite often lately), and sometimes I have to shut them down by using CTRL+ALT+DEL. Other times an error message about runtime appears and says the window has to be closed. I've read it was a problem with the latest Adobe, but I dunno. I just know its painfully slow at the moment. Please help me.



DDS (Ver_09-03-16.01) - FAT32x86
Run by Andr‚ Caetano at 17:21:17,58 on 18-04-2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.1014.418 [GMT 1:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Realtek\InstallShield\AzMixerSel.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programas\Creative\ZEN Media Explorer\CTCheck.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\André Caetano\Definições locais\Application Data\eSupport.com\biosagentplus_488[1].exe
C:\Documents and Settings\André Caetano\Ambiente de trabalho\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pt/
uInternet Settings,ProxyServer = 194.36.10.156:3128
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programas\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\programas\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programas\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programas\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programas\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programas\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] c:\programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [LaunchApp] Alaunch
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\programas\realtek\installshield\AzMixerSel.exe
mRun: [SynTPLpr] c:\programas\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programas\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ntiMUI] c:\programas\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: []
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 1
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechCameraAssistant] c:\programas\acer\orbicam\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\programas\acer\orbicam\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [ImageItEncrypt] c:\windows\system32\ImageItEncrypt.exe
mRun: [CTCheck] c:\programas\creative\zen media explorer\CTCheck.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\programas\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] "c:\programas\hp\hp software update\HPWuSchd2.exe"
mRun: [SunJavaUpdateSched] "c:\programas\java\jre6\bin\jusched.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\adober~1.lnk - c:\programas\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\hpdigi~1.lnk - c:\programas\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\arranque\inicia~1.lnk - c:\programas\hp\digital imaging\bin\hpqthb08.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217610202868
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programas\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programas\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programas\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\programas\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\programas\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programas\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-12 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-5 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-5 27656]
R1 SASDIFSV;SASDIFSV;c:\programas\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\programas\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-5 298264]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-6-30 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-6-30 78208]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programas\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-6-30 1088896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-6-30 32512]
S3 SASENUM;SASENUM;c:\programas\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-04-18 15:48 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-04-18 15:24 77,824 a------- c:\programas\Startup.exe
2009-04-18 14:23 180,224 a------- c:\windows\system32\igfxres.dll
2009-04-18 14:18 57,344 a------- c:\windows\system32\igxprd32.dll
2009-04-18 14:18 5,854,752 a------- c:\windows\system32\drivers\igxpmp32.sys
2009-04-18 14:18 1,670,144 a------- c:\windows\system32\igxpdv32.dll
2009-04-18 14:18 151,040 a------- c:\windows\system32\igxpgd32.dll
2009-04-18 14:18 2,643,968 a------- c:\windows\system32\igxpdx32.dll
2009-04-18 14:18 176,128 a------- c:\windows\system32\igfxrsky.lrc
2009-04-18 14:18 172,032 a------- c:\windows\system32\igfxrslv.lrc
2009-04-18 14:18 147,456 a------- c:\windows\system32\igfxCoIn_v4926.dll
2009-04-18 14:18 920,088 a------- c:\windows\system32\igxpun.exe
2009-04-18 14:18 319,456 a------- c:\windows\system32\difxapi.dll
2009-04-18 14:16 --d----- C:\Intel
2009-04-18 14:11 --d----- c:\programas\SystemRequirementsLab
2009-04-15 12:43 --d----- c:\documents and settings\andré caetano\DoctorWeb
2009-04-15 12:38 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 12:38 286,720 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 12:38 111,104 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 12:38 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 12:38 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 12:38 684,032 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 12:38 732,672 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 12:38 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 12:38 737,792 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 12:35 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 12:35 219,136 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-14 15:03 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-14 15:03 --d----- c:\programas\SUPERAntiSpyware
2009-04-14 15:02 --d----- c:\programas\ficheiros comuns\Wise Installation Wizard
2009-04-14 13:26 --d----- c:\programas\Autoruns
2009-04-14 13:25 1,374 a------- c:\windows\imsins.BAK
2009-04-12 09:20 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-12 04:38 69,723 a------- c:\windows\system32\syntpfcs.dll
2009-04-12 04:24 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-12 03:57 --d-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-12 03:56 --d----- c:\programas\Lavasoft
2009-04-12 02:31 --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-04-12 02:17 --d----- c:\programas\Enigma Software Group
2009-04-12 02:01 --d----- c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-12 01:45 --d----- c:\windows\pss
2009-04-12 00:20 --d----- c:\programas\Microsoft Windows OneCare Live
2009-04-12 00:13 90,352 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-11 22:45 --d-hr-- c:\documents and settings\andré caetano\Recent
2009-04-11 22:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-11 22:38 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 22:38 --d----- c:\programas\Malwarebytes' Anti-Malware
2009-04-11 21:16 --d----- c:\programas\CCleaner
2009-04-11 20:04 --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-04-11 18:31 --d----- c:\programas\Spybot - Search & Destroy
2009-04-11 18:31 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-31 14:26 --d----- c:\programas\ficheiros comuns\DVDVideoSoft
2009-03-21 15:07 1,039,360 -------- c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-18 14:21 9,699,328 a---h--- c:\documents and settings\andré caetano\NTUSER.DAT
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 15:20 286,720 a------- c:\windows\system32\pdh.dll
2009-03-03 01:07 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 01:07 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 05:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 11:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 11:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 06:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:05 2,069,888 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:05 1,846,912 a------- c:\windows\system32\win32k.sys
2009-02-09 14:05 1,846,912 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 12:23 2,192,896 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 12:23 2,028,032 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-09 12:23 2,028,032 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 12:23 2,149,376 a------- c:\windows\system32\ntoskrnl.exe
2009-02-09 12:23 2,149,376 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 12:23 111,104 a------- c:\windows\system32\services.exe
2009-02-09 11:53 737,792 a------- c:\windows\system32\ntdll.dll
2009-02-09 11:53 732,672 a------- c:\windows\system32\lsasrv.dll
2009-02-09 11:53 684,032 a------- c:\windows\system32\advapi32.dll
2009-02-09 11:53 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-07 15:00 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-03 20:57 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 20:57 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-11-04 14:22 19,869 a------- c:\docume~1\alluse~1\applic~1\pecivybuno.bat
2008-11-04 14:22 19,679 a------- c:\programas\ficheiros comuns\memo._dl
2008-11-04 14:22 15,272 a------- c:\programas\ficheiros comuns\jitaqy.inf
2008-11-04 14:22 12,890 a------- c:\docume~1\alluse~1\applic~1\zebulat.scr
2008-11-04 14:22 11,368 a------- c:\programas\ficheiros comuns\moquciheci.db
2008-11-04 14:22 10,826 a------- c:\docume~1\alluse~1\applic~1\wifekaja.pif
2008-11-04 14:22 10,288 a------- c:\docume~1\alluse~1\applic~1\homororem.bat
2008-11-04 14:19 12,912 a------- c:\docume~1\alluse~1\applic~1\gedavijep.reg
2008-10-09 02:25 46,281 a------- c:\programas\proxylist_full_oct_9_01_29_03_d.csv
2008-09-04 03:25 2,791,684 a------- c:\programas\klitekpp243b.exe

============= FINISH: 17:22:43,50 ===============

Attached Files


Edited by Orange Blossom, 18 April 2009 - 03:09 PM.


BC AdBot (Login to Remove)

 


#2 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 19 April 2009 - 07:59 AM

Should I post a new log? A member told me after I post a log I shouldnt change anything but I did check the disk for errors and I disfragmented the disk. Not sure if that affects anything?

#3 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 28 April 2009 - 01:10 PM

please I need help! :thumbup2:

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 28 April 2009 - 01:13 PM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
If you see "random" name, just leave it.. If you see "GMER", please rename GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 30 April 2009 - 11:44 AM

I cant do The Comedian, Internet Explorer says The Comedian found a problem and must be terminated as soon as it clicks, and my AVG detects a trojan horse everytime I click on it

#6 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 30 April 2009 - 12:43 PM

Malwarebytes' Anti-Malware 1.36
Versão do banco de dados: 2061
Windows 5.1.2600 Service Pack 3

30-04-2009 18:41:47
mbam-log-2009-04-30 (18-41-47).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 158892
Tempo decorrido: 52 minute(s), 53 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registo infectadas: 0
Valores do Registo infectados: 1
Ítens do Registo infectados: 0
Pastas infectadas: 0
Ficheiros infectados: 0

Processos da Memória infectados:
(Nenhum item malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum item malicioso foi detectado)

Chaves do Registo infectadas:
(Nenhum item malicioso foi detectado)

Valores do Registo infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Ítens do Registo infectados:
(Nenhum item malicioso foi detectado)

Pastas infectadas:
(Nenhum item malicioso foi detectado)

Ficheiros infectados:
(Nenhum item malicioso foi detectado)

#7 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 30 April 2009 - 12:47 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by André Caetano at 2009-04-30 18:44:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (48%) free of 45 GB
Total RAM: 1014 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:20, on 30-04-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Realtek\InstallShield\AzMixerSel.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programas\Creative\ZEN Media Explorer\CTCheck.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\André Caetano\Ambiente de trabalho\RSIT.exe
C:\Documents and Settings\André Caetano\Ambiente de trabalho\André Caetano.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.36.10.156:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Programas\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programas\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programas\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [CTCheck] C:\Programas\Creative\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217610202868
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programas\ficheiros comuns\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programas\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 13317 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-10 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programas\AVG\AVG8\avgssie.dll [2009-02-07 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-15 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Programas\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll [2009-04-26 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-03-16 88204]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-02-27 16005120]
"AzMixerSel"=C:\Programas\Realtek\InstallShield\AzMixerSel.exe [2005-08-25 53248]
"SynTPLpr"=C:\Programas\Synaptics\SynTP\SynTPLpr.exe [2005-01-08 102491]
"SynTPEnh"=C:\Programas\Synaptics\SynTP\SynTPEnh.exe [2005-01-08 692315]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2006-03-23 151552]
"ntiMUI"=C:\Programas\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
""= []
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-04-04 421888]
"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-03-30 471040]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-03-30 401408]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-11-30 225280]
"LogitechCameraAssistant"=C:\Programas\Acer\OrbiCam\CameraAssistant.exe [2005-11-29 438272]
"LogitechVideo[inspector]"=C:\Programas\Acer\OrbiCam\InstallHelper.exe [2005-11-29 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"ImageItEncrypt"=C:\WINDOWS\system32\ImageItEncrypt.exe [2005-12-30 40960]
"CTCheck"=C:\Programas\Creative\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-07 1601304]
"GrooveMonitor"=C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"HP Software Update"=C:\Programas\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"SunJavaUpdateSched"=C:\Programas\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"TkBellExe"=C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe [2008-10-10 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-08 39408]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
HP Digital Imaging Monitor.lnk - C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
Inicialização rápida do HP Image Zone.lnk - C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programas\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-07 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programas\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Programas\eMule\emule.exe"="C:\Programas\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\André Caetano\Ambiente de trabalho\emule.exe"="C:\Documents and Settings\André Caetano\Ambiente de trabalho\emule.exe:*:Enabled:eMule"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Programas\LimeWire\LimeWire.exe"="C:\Programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programas\Internet Explorer\IEXPLORE.EXE"="C:\Programas\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Programas\Kazaa Lite K++\KazaaLite.kpp"="C:\Programas\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\Programas\BT Next Evolution\btnext.exe"="C:\Programas\BT Next Evolution\btnext.exe:*:Enabled:btnext"
"C:\Program Files\Real\RealPlayer\RealPlay.exe"="C:\Program Files\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"
"C:\Programas\AVG\AVG8\avgupd.exe"="C:\Programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programas\Windows Live\Messenger\livecall.exe"="C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2319c0be-cb86-11dc-9dd4-00163648ebec}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b115a3e-89ba-11db-9d6a-00163648ebec}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0547474-d0d7-11db-9d74-0013022ab5d6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe


======List of files/folders created in the last 3 months======

2009-04-30 18:44:49 ----D---- C:\rsit
2009-04-25 15:52:49 ----D---- C:\Programas\Online TV Player 4
2009-04-18 17:01:02 ----A---- C:\Programas\cpuz.exe
2009-04-18 15:24:22 ----A---- C:\Programas\Startup.exe
2009-04-18 14:23:03 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-04-18 14:18:45 ----A---- C:\WINDOWS\system32\igxprd32.dll
2009-04-18 14:18:42 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2009-04-18 14:18:42 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2009-04-18 14:18:41 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2009-04-18 14:18:41 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll
2009-04-18 14:18:39 ----A---- C:\WINDOWS\system32\igxpun.exe
2009-04-18 14:18:39 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-04-18 14:16:49 ----D---- C:\Intel
2009-04-18 14:11:40 ----D---- C:\Programas\SystemRequirementsLab
2009-04-16 03:39:05 ----HD---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 03:38:57 ----HD---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 03:10:10 ----HD---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 03:10:00 ----HD---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 03:03:39 ----HD---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 03:01:17 ----HD---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-14 18:19:14 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-14 18:19:14 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-14 18:19:13 ----A---- C:\WINDOWS\system32\java.exe
2009-04-14 15:03:27 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-14 15:03:15 ----D---- C:\Programas\SUPERAntiSpyware
2009-04-14 15:03:15 ----D---- C:\Documents and Settings\André Caetano\Application Data\SUPERAntiSpyware.com
2009-04-14 15:02:32 ----D---- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2009-04-14 13:26:52 ----D---- C:\Programas\Autoruns
2009-04-14 13:25:21 ----A---- C:\WINDOWS\imsins.BAK
2009-04-12 09:20:12 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-12 04:38:29 ----A---- C:\WINDOWS\system32\syntpfcs.dll
2009-04-12 03:57:21 ----HD---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-12 03:56:53 ----D---- C:\Programas\Lavasoft
2009-04-12 03:56:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-12 02:31:38 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-04-12 02:17:00 ----D---- C:\Programas\Enigma Software Group
2009-04-12 02:01:37 ----D---- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-12 01:45:57 ----D---- C:\WINDOWS\pss
2009-04-12 00:25:27 ----D---- C:\Programas\Windows Live Safety Center
2009-04-12 00:20:22 ----D---- C:\Programas\Microsoft Windows OneCare Live
2009-04-11 22:42:30 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-11 22:38:35 ----D---- C:\Programas\Malwarebytes' Anti-Malware
2009-04-11 21:16:04 ----D---- C:\Programas\CCleaner
2009-04-11 20:04:33 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-11 18:31:46 ----D---- C:\Programas\Spybot - Search & Destroy
2009-04-11 18:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-31 14:26:47 ----D---- C:\Programas\Ficheiros comuns\DVDVideoSoft
2009-03-27 16:19:03 ----D---- C:\Documents and Settings\André Caetano\Application Data\MiniDm
2009-03-27 14:39:44 ----D---- C:\Documents and Settings\André Caetano\Application Data\IEPro
2009-03-26 17:40:16 ----D---- C:\Documents and Settings\André Caetano\Application Data\AVG8
2009-03-11 03:03:05 ----HD---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:02:56 ----HD---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 03:02:29 ----HD---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-04 22:45:47 ----D---- C:\Documents and Settings\André Caetano\Application Data\AVS4YOU
2009-03-04 22:45:23 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-03-04 22:38:07 ----D---- C:\Programas\Ficheiros comuns\AVSMedia
2009-02-25 20:19:45 ----HD---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-23 01:14:16 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-23 01:14:07 ----D---- C:\Programas\AltoMP3 Gold
2009-02-11 03:01:36 ----HD---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 3 months======

2009-04-29 04:13:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-20 09:49:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-18 14:22:46 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2009-04-12 04:28:32 ----RASH---- C:\boot.ini
2009-04-12 04:28:32 ----A---- C:\WINDOWS\win.ini
2009-04-12 04:28:32 ----A---- C:\WINDOWS\system.ini
2009-04-06 15:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-21 15:07:54 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-09 05:19:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-06 15:20:30 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-03 01:07:32 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-20 18:09:18 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 18:09:18 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 18:09:18 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 18:09:16 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 18:09:16 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 18:09:16 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 18:09:16 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 18:09:16 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 18:09:16 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 18:09:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 18:09:14 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 18:09:14 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 18:09:12 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 18:09:12 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 18:09:12 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 18:09:12 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 18:09:08 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 18:09:08 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 18:09:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 18:09:08 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 18:09:08 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 18:09:08 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 18:09:08 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 18:09:08 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 18:09:08 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 11:20:50 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 11:20:50 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 06:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-09 12:23:54 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-09 12:23:40 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-09 12:23:36 ----A---- C:\WINDOWS\system32\services.exe
2009-02-09 11:53:18 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 11:53:18 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 11:53:18 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 11:53:18 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-07 15:00:40 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-06 11:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-03 20:57:26 ----A---- C:\WINDOWS\system32\secur32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-07 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-07 27656]
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 SASDIFSV;SASDIFSV; \??\C:\Programas\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programas\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Interface de gestão Microsoft Windows para ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-30 21275]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 s24trans;Transporte WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-16 1124097]
R3 CmBatt;Controlador Microsoft ACPI Control Method Battery; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 HDAudBus;Controlador de Barramento UAA da Microsoft para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920]
R3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\System32\Drivers\lv321av.sys [2005-11-30 1088896]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-11-30 39424]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-19 6144]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-08 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-22 1505792]
S3 CCDECODE;Descodificador de captura fechada; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]
S3 MSTEE;Conversor da Microsoft para fluxos Tee/Sink-to-Sink; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Ligação de TV/Vídeo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-11-02 32512]
S3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 SASENUM;SASENUM; \??\C:\Programas\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe de impressoras USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Controlador de scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-07 298264]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-03-23 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-03-23 114784]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-03-23 61440]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Programas\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programas\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programas\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Programas\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programas\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Programas\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-22 405504]
S2 LVPrcSrv;Logitech Process Monitor; c:\programas\ficheiros comuns\logitech\lvmvfm\LVPrcSrv.exe [2005-11-30 81920]
S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 gusvc;Google Software Updater; C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programas\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 usnjsvc;Pastas Partilhadas do Messenger - USN Journal Reader Service; C:\Programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2007-01-05 915968]

-----------------EOF-----------------

#8 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 30 April 2009 - 01:10 PM

info.txt logfile of random's system information tool 1.06 2009-04-30 18:45:26

======Uninstall list======

-->"C:\Programas\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0416
-->"C:\Programas\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Programas\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
-->"C:\Programas\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
-->"C:\Programas\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Programas\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Programas\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
-->"C:\Programas\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->C:\WINDOWS\IsUninst.exe -f"C:\Programas\Acer Inc.\Acer Portuguese Guide Link\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0816-0000-0000000FF1CE} /uninstall {C450104C-4F9F-4924-8B97-92FB09DE9A92}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0816-0000-0000000FF1CE} /uninstall {6C04B8BC-6DC4-422F-B871-0236D11C50AB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
Acer Arcade-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management 2.0.3076-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l2070
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x816 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x416
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x816 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x816
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x816
Acer eSettings Management-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x816 -removeonly
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer OrbiCam Software-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\setup.exe" -l0x416
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Actualização Crítica para o Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Actualização de segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Actualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Actualização para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Actualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Actualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Actualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Actualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems HDA Modem-->agrsmdel
AltoMP3 Gold 5.20-->C:\Programas\AltoMP3 Gold\uninst.exe
Arquivo do WinRAR-->C:\Programas\WinRAR\uninstall.exe
Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{74B15DD2-921E-48E5-9ADC-DC6C0C69C263}
AVG Free 8.0-->C:\Programas\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Programas\CCleaner\uninst.exe"
CD to MP3 WAV Maker 1.28-->"C:\Programas\SuperAudiotool\CD to MP3 WAV Maker\unins000.exe"
Correcção para o Windows Media Player 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Correcção para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Creative Audio Pack-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Driver da Acer OrbiCam-->"C:\Programas\Ficheiros comuns\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l0416
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
eMule-->"C:\Programas\eMule\Uninstall.exe"
FLV Player 2.0, build 24-->C:\Programas\FLV Player\uninst.exe
Google Toolbar for Internet Explorer-->"C:\Programas\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\André Caetano\Ambiente de trabalho\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Programas\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Programas\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.54 Full-->"C:\Programas\K-Lite Codec Pack\unins000.exe"
Last.fm 1.5.4.24567-->"C:\Programas\Last.fm\unins000.exe"
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LimeWire 5.0.11-->"C:\Programas\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Programas\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Portuguese Language Pack-->MsiExec.exe /X{0D70FCFE-2102-4951-A56E-22DD07DFA5B6}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - PTG-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTG\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0015-0816-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0016-0816-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-00BA-0816-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0044-0816-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-00A1-0816-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001A-0816-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0018-0816-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001F-0816-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-002C-0816-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-0019-0816-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-006E-0816-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001B-0816-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.3)-->C:\Programas\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l2070 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l2070 CDM7
PowerProducer-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x816 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Spybot - Search & Destroy-->"C:\Programas\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programas\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Programas\SystemRequirementsLab\Uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1046
Uninstall 1.0.0.1-->"C:\Programas\Ficheiros comuns\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{0C69F74B-DA6A-4C56-8017-988B7D63993A}
Windows Live Messenger-->MsiExec.exe /X{B98023FD-EC2A-404B-BFC3-49E7ECE4490E}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programas\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZEN Media Explorer-->"C:\Programas\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0416
ZENcast Organizer-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (disabled)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: AVG Anti-Virus Free
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (disabled)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (disabled)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic

======System event log======

Computer Name: ANDRÉ
Event Code: 256
Message: Excedido o tempo limite para envio de notificação de alteração da interface do dispositivo para a janela de "C:\Programas\Creative\ZEN Media Explorer\CTCheck.exe"

Record Number: 59760
Source Name: PlugPlayManager
Time Written: 20090321021404.000000+000
Event Type: Aviso!
User:

Computer Name: ANDRÉ
Event Code: 257
Message: Excedido o tempo limite para envio de notificação de alteração do dispositivo de destino para a janela de "C:\Programas\Creative\ZEN Media Explorer\CTCheck.exe"

Record Number: 59759
Source Name: PlugPlayManager
Time Written: 20090321021404.000000+000
Event Type: Aviso!
User:

Computer Name: ANDRÉ
Event Code: 4226
Message: O TCP/IP atingiu o limite de segurança imposto pelo número de tentativas de ligação TCP simultâneas.

Record Number: 59758
Source Name: Tcpip
Time Written: 20090321014753.000000+000
Event Type: Aviso!
User:

Computer Name: ANDRÉ
Event Code: 256
Message: Excedido o tempo limite para envio de notificação de alteração da interface do dispositivo para a janela de "C:\Programas\Creative\ZEN Media Explorer\CTCheck.exe"

Record Number: 59757
Source Name: PlugPlayManager
Time Written: 20090321004258.000000+000
Event Type: Aviso!
User:

Computer Name: ANDRÉ
Event Code: 14000
Message: MTP WPD Driver has started successfully.

Record Number: 59756
Source Name: WPDMTPDriver
Time Written: 20090321004227.000000+000
Event Type: Informações
User:

=====Application event log=====

Computer Name: ANDRÉ
Event Code: 0
Message: PowerEvent foi processado com êxito pelo serviço.

Record Number: 63270
Source Name: AcerMemUsageCheckService
Time Written: 20090120134037.000000+000
Event Type: Informações
User:

Computer Name: ANDRÉ
Event Code: 0
Message: PowerEvent foi processado com êxito pelo serviço.

Record Number: 63269
Source Name: AcerMemUsageCheckService
Time Written: 20090120134007.000000+000
Event Type: Informações
User:

Computer Name: ANDRÉ
Event Code: 0
Message: PowerEvent foi processado com êxito pelo serviço.

Record Number: 63268
Source Name: AcerMemUsageCheckService
Time Written: 20090120133937.000000+000
Event Type: Informações
User:

Computer Name: ANDRÉ
Event Code: 0
Message: PowerEvent foi processado com êxito pelo serviço.

Record Number: 63267
Source Name: AcerMemUsageCheckService
Time Written: 20090120133918.000000+000
Event Type: Informações
User:

Computer Name: ANDRÉ
Event Code: 0
Message: PowerEvent foi processado com êxito pelo serviço.

Record Number: 63266
Source Name: AcerMemUsageCheckService
Time Written: 20090120133913.000000+000
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programas\Intel\Wireless\Bin\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Attached Files



#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 30 April 2009 - 01:56 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 01 May 2009 - 10:29 AM

Combofix detected the Avira Antivirus on my pc, but I cant find it anywhere, my computer says there is no such program installed :thumbup2:

#11 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 01 May 2009 - 10:50 AM

ComboFix 09-04-30.056 - André Caetano 01-05-2009 16:38.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.1014.615 [GMT 1:00]
Executando de: c:\documents and settings\André Caetano\Ambiente de trabalho\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-01 to 2009-05-01 ))))))))))))))))))))))))))))
.

2009-04-30 17:44 . 2009-04-30 17:44 -------- d-----w C:\rsit
2009-04-25 14:52 . 2009-04-25 14:52 -------- d-----w c:\programas\Online TV Player 4
2009-04-18 16:01 . 2009-02-13 18:56 1527808 ----a-w c:\programas\cpuz.exe
2009-04-18 14:48 . 2009-04-18 14:48 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-04-18 14:24 . 2003-01-03 19:36 77824 ----a-w c:\programas\Startup.exe
2009-04-18 13:23 . 2008-02-15 11:49 180224 ----a-w c:\windows\system32\igfxres.dll
2009-04-18 13:18 . 2008-02-15 12:12 57344 ----a-w c:\windows\system32\igxprd32.dll
2009-04-18 13:18 . 2008-02-15 12:12 5854752 ----a-w c:\windows\system32\drivers\igxpmp32.sys
2009-04-18 13:18 . 2008-02-15 12:12 1670144 ----a-w c:\windows\system32\igxpdv32.dll
2009-04-18 13:18 . 2008-02-15 12:12 151040 ----a-w c:\windows\system32\igxpgd32.dll
2009-04-18 13:18 . 2008-02-15 12:21 147456 ----a-w c:\windows\system32\igfxCoIn_v4926.dll
2009-04-18 13:18 . 2008-02-15 12:12 2643968 ----a-w c:\windows\system32\igxpdx32.dll
2009-04-18 13:18 . 2006-11-10 07:25 319456 ----a-w c:\windows\system32\difxapi.dll
2009-04-18 13:18 . 2008-03-07 11:56 920088 ----a-w c:\windows\system32\igxpun.exe
2009-04-18 13:16 . 2009-04-18 13:16 -------- d-----w C:\Intel
2009-04-18 13:11 . 2009-04-18 13:11 -------- d-----w c:\programas\SystemRequirementsLab
2009-04-15 11:38 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:38 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 11:38 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 11:38 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 11:38 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 11:38 . 2009-02-09 10:53 684032 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 11:38 . 2009-02-09 10:53 732672 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 11:38 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 11:38 . 2009-02-09 10:53 737792 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:35 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 14:03 . 2009-04-14 14:03 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-14 14:03 . 2009-04-14 14:03 -------- d-----w c:\programas\SUPERAntiSpyware
2009-04-14 14:02 . 2009-04-14 14:02 -------- d-----w c:\programas\Ficheiros comuns\Wise Installation Wizard
2009-04-14 12:26 . 2009-04-14 12:26 -------- d-----w c:\programas\Autoruns
2009-04-12 08:20 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-12 03:38 . 2005-01-08 06:17 69723 ----a-w c:\windows\system32\syntpfcs.dll
2009-04-12 03:24 . 2009-04-26 03:29 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-12 02:57 . 2009-04-12 02:57 -------- d--h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-12 02:56 . 2009-04-12 02:56 -------- d-----w c:\programas\Lavasoft
2009-04-12 02:56 . 2009-04-12 02:56 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-12 01:31 . 2009-04-12 01:31 -------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2009-04-12 01:17 . 2009-04-12 01:17 -------- d-----w c:\programas\Enigma Software Group
2009-04-12 01:01 . 2009-04-12 01:01 -------- d-----w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-11 23:25 . 2009-04-11 23:25 -------- d-----w c:\programas\Windows Live Safety Center
2009-04-11 23:20 . 2009-04-11 23:20 -------- d-----w c:\programas\Microsoft Windows OneCare Live
2009-04-11 23:13 . 2009-04-11 23:13 90352 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-11 21:38 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-11 21:38 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 21:38 . 2009-04-11 21:38 -------- d-----w c:\programas\Malwarebytes' Anti-Malware
2009-04-11 20:16 . 2009-04-11 20:16 -------- d-----w c:\programas\CCleaner
2009-04-11 19:04 . 2009-04-11 19:04 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-11 17:31 . 2009-04-11 17:31 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 17:31 . 2009-04-11 17:31 -------- d-----w c:\programas\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 08:49 . 2006-04-19 19:14 76688 ----a-w c:\windows\system32\perfc016.dat
2009-04-20 08:49 . 2006-04-19 19:14 458578 ----a-w c:\windows\system32\perfh016.dat
2009-03-31 13:26 . 2009-03-31 13:26 -------- d-----w c:\programas\Ficheiros comuns\DVDVideoSoft
2009-03-09 04:19 . 2008-12-25 12:42 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:20 . 2004-08-04 19:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-04 21:38 . 2009-03-04 21:38 -------- d-----w c:\programas\Ficheiros comuns\AVSMedia
2009-03-03 00:07 . 2006-01-09 18:02 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:09 . 2004-08-04 19:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 13:05 . 2004-08-04 19:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-04 19:00 2028032 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:23 . 2004-08-04 19:00 2149376 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2004-08-04 19:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2004-08-04 19:00 737792 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2004-08-04 19:00 732672 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2004-08-04 19:00 684032 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2004-08-04 19:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-07 14:00 . 2009-01-05 14:19 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-07 14:00 . 2009-01-05 14:19 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-06 10:39 . 2004-08-04 19:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-04 19:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-04 13:22 . 2008-11-04 13:22 19679 ----a-w c:\programas\Ficheiros comuns\memo._dl
2008-11-04 13:22 . 2008-11-04 13:22 15272 ----a-w c:\programas\Ficheiros comuns\jitaqy.inf
2008-11-04 13:22 . 2008-11-04 13:22 11368 ----a-w c:\programas\Ficheiros comuns\moquciheci.db
2008-10-09 01:25 . 2008-10-09 01:25 46281 ----a-w c:\programas\proxylist_full_oct_9_01_29_03_d.csv
2008-09-04 02:25 . 2008-09-04 02:25 2791684 ----a-w c:\programas\klitekpp243b.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="c:\programas\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SynTPLpr"="c:\programas\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]
"SynTPEnh"="c:\programas\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-03-22 151552]
"ntiMUI"="c:\programas\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-03-30 401408]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-11-30 225280]
"LogitechCameraAssistant"="c:\programas\Acer\OrbiCam\CameraAssistant.exe" [2005-11-29 438272]
"LogitechVideo[inspector]"="c:\programas\Acer\OrbiCam\InstallHelper.exe" [2005-11-29 13:51 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"CTCheck"="c:\programas\Creative\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-07 1601304]
"GrooveMonitor"="c:\programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Software Update"="c:\programas\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"SunJavaUpdateSched"="c:\programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-10-10 185872]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-03-16 88204]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-02-27 16005120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\
Adobe Reader Speed Launch.lnk - c:\programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
HP Digital Imaging Monitor.lnk - c:\programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Inicializa‡Æo r pida do HP Image Zone.lnk - c:\programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-07 14:00 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ad-Watch"=c:\programas\Lavasoft\Ad-Aware\AAWTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Programas\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R3 SASENUM;SASENUM;c:\programas\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-26 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-07 325128]
S1 SASDIFSV;SASDIFSV;c:\programas\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\programas\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-07 298264]
S2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-04-22 4096]
S2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-22 78208]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programas\Lavasoft\Ad-Aware\AAWService.exe [2009-04-26 953168]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\Drivers\lv321av.sys [2005-11-30 1088896]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2319c0be-cb86-11dc-9dd4-00163648ebec}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b115a3e-89ba-11db-9d6a-00163648ebec}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0547474-d0d7-11db-9d74-0013022ab5d6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:28]
.
- - - - ORFÃOS REMOVIDOS - - - -

Notify-WgaLogon - (no file)


.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.pt/
uInternet Settings,ProxyServer = 194.36.10.156:3128
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 16:45
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\programas\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3580)
c:\progra~1\WINDOW~2\wmpband.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\programas\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\programas\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
c:\programas\AVG\AVG8\AVGWDSVC.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
c:\programas\JAVA\JRE6\BIN\JQS.EXE
c:\programas\FICHEIROS COMUNS\LIGHTSCRIBE\LSSRVC.EXE
c:\programas\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\programas\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
c:\programas\AVG\AVG8\AVGRSX.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\programas\LAUNCH MANAGER\QTZGACER.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programas\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-05-01 16:49 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-05-01 15:49

Pré-execução: 23.094.689.792 bytes livres
Pós execução: 23.595.089.920 bytes livres

WindowsXP-KB310994-SP2-Home-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

258 --- E O F --- 2009-04-29 02:03

#12 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 01 May 2009 - 10:52 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:11, on 01-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Realtek\InstallShield\AzMixerSel.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programas\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\André Caetano\Ambiente de trabalho\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.36.10.156:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Programas\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programas\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programas\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [CTCheck] C:\Programas\Creative\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217610202868
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programas\ficheiros comuns\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programas\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 13010 bytes

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 01 May 2009 - 11:01 AM

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)

You have two antivirus.. Uninstall one of them..



1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\programas\Ficheiros comuns\memo._dl
c:\programas\Ficheiros comuns\jitaqy.inf
c:\programas\Ficheiros comuns\moquciheci.db

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b115a3e-89ba-11db-9d6a-00163648ebec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0547474-d0d7-11db-9d74-0013022ab5d6}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 skizzo

skizzo
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Local time:07:09 AM

Posted 01 May 2009 - 07:11 PM

as I said before, I cant find Avira AntiVirus on my computer. How can I delete it?

#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 02 May 2009 - 05:45 AM

Proceed with CFScript step :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users