Netcmd.exe


17 replies to this topic

#1 vitpapagul

Posted 26 April 2007 - 01:18 AM

Hi to all, I delete netcmd.exe and it comes back again and again...
Any help... thanks

Logfile of HijackThis v1.99.1
Scan saved at 7:14:46, on 26-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SYSTEM32\NETCMD.EXE
D:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Programas\LClock\LClock.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe
D:\Programas\Spyware Doctor\sdhelp.exe
D:\Programas\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\Programas\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\explorer.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/principe-hechicero/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/principe-hechicero/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programas\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programas\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [LClock] D:\Programas\LClock\LClock.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programas\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: Add to Anti-Banner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {D5E1F238-64FC-47BE-AFB5-2CF02016F14F} - D:\Programas\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programas\Analog Devices\SoundMAX\SMAgent.exe

Edited by vitpapagul, 26 April 2007 - 01:22 AM.



#2 RichieUK

Posted 26 April 2007 - 06:05 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, vitpapagul.

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
D:\WINDOWS\SYSTEM32\NETCMD.EXE
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
Using the 'Browse' button, browse to:
D:\WINDOWS\SYSTEM32\NETCMD.EXE
Then click on 'Send'.
Post the results into your next reply.

Also post a new HijackThis log please.

#3 vitpapagul

Posted 26 April 2007 - 06:36 AM

Service load: 0% 100%

File: netcmd.exe
Status: INFECTED/MALWARE
MD5 d6d1dc9f4d27a62baa3c2a8938f20595
Packers detected: FSG

Scanner results
Scan taken on 26 Apr 2007 11:29:34 (GMT)
A-Squared Found nothing
AntiVir Found PCK/FSG
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found a variant of Win32/Spy.VB.QJ
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found Packed/FSG
VBA32 Found nothing


Logfile of HijackThis v1.99.1
Scan saved at 12:33:18, on 26-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\netcmd.exe
D:\Programas\LClock\LClock.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe
D:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Programas\Spyware Doctor\sdhelp.exe
D:\Programas\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\WINDOWS\system32\svchost.exe
D:\Programas\Internet Explorer\iexplore.exe
F:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/principe-hechicero/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/principe-hechicero/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programas\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programas\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [LClock] D:\Programas\LClock\LClock.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programas\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: Add to Anti-Banner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {D5E1F238-64FC-47BE-AFB5-2CF02016F14F} - D:\Programas\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programas\Analog Devices\SoundMAX\SMAgent.exe

#4 RichieUK

Posted 26 April 2007 - 07:01 AM

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


#5 vitpapagul

Posted 26 April 2007 - 07:32 AM

"____vitor____" - 07-04-26 13:19:31 Service Pack 2
ComboFix 07-04-25.4V - Running from: "D:\Documents and Settings\____vitor____\Ambiente de trabalho\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\packet.dll
D:\WINDOWS\system32\pthreadVC.dll
D:\WINDOWS\system32\wanpacket.dll
D:\WINDOWS\system32\wpcap.dll
D:\WINDOWS\system32\server.exe
D:\WINDOWS\hosts
D:\WINDOWS\system32\drivers\npf.sys


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm
-------\NPF
-------\LEGACY_NM
-------\LEGACY_NPF


((((((((((((((((((((((((((((((( Files Created from 2007-03-26 to 2007-04-26 ))))))))))))))))))))))))))))))))))


2007-04-25 23:22 <DIR> d-a------ D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-25 23:22 <DIR> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
2007-04-25 23:12 51,072 --a------ D:\WINDOWS\system32\drivers\ikhlayer.sys
2007-04-25 23:12 30,592 --a------ D:\WINDOWS\system32\drivers\ikhfile.sys
2007-04-25 23:12 <DIR> d-------- D:\Programas\Spyware Doctor
2007-04-25 23:12 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\PC Tools
2007-04-25 23:04 <DIR> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2007-04-25 22:24 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-25 21:40 <DIR> d--hs---- D:\WINDOWS\CSC
2007-04-25 19:57 <DIR> d-------- D:\WINDOWS\uninstall
2007-04-25 17:01 5,206,016 --a------ D:\DOCUME~1\____VI~1\BHKCU.dat
2007-04-25 17:01 14,786,560 --a------ D:\DOCUME~1\____VI~1\BHKCR.dat
2007-04-25 17:01 0 --a------ D:\DOCUME~1\____VI~1\BHKU.dat
2007-04-25 17:01 0 --a------ D:\DOCUME~1\____VI~1\BHKLM.dat
2007-04-25 16:45 <DIR> d-------- D:\WINDOWS\system32\NtmsData
2007-04-25 15:19 <DIR> d-------- D:\Programas\PC Accelerator 2007
2007-04-25 15:18 32,768 --a------ D:\WINDOWS\system32\Speed.dll
2007-04-25 15:18 10,752 --------- D:\WINDOWS\system32\aamd532.dll
2007-04-25 15:18 <DIR> d-------- D:\Programas\PC Accelerator Professional
2007-04-24 01:00 <DIR> d-------- D:\Programas\Cain
2007-04-23 21:33 <DIR> d-------- D:\WINDOWS\system32\Logfiles
2007-04-23 20:18 <DIR> d-------- D:\Programas\Proxy Switcher Standard
2007-04-23 20:18 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\WNR
2007-04-23 16:33 <DIR> d-------- D:\Programas\RegCure
2007-04-23 15:42 <DIR> d-------- D:\Programas\FreshDevices
2007-04-23 02:23 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\WinRAR
2007-04-22 22:49 <DIR> d-------- D:\Programas\RegVac Registry Cleaner
2007-04-22 20:22 <DIR> d-------- D:\Programas\ElcomSoft
2007-04-22 18:21 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy
2007-04-22 11:47 <DIR> d-------- D:\Programas\XoftSpy
2007-04-21 00:00 <DIR> d-------- D:\Programas\YM Status Rotator
2007-04-20 19:58 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-04-20 18:25 <DIR> d-------- D:\DOCUME~1\____VI~1\Defini‹¨«s locais
2007-04-20 18:24 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\Camfrog
2007-04-20 13:13 <DIR> d-------- D:\Programas\FDF
2007-04-20 13:00 <DIR> d-------- D:\WINDOWS\pss
2007-04-19 16:03 <DIR> d-------- D:\Programas\Internet Download Manager
2007-04-19 16:03 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\IDM
2007-04-19 16:03 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\DMCache
2007-04-19 03:19 <DIR> d-------- D:\Programas\DiskTrix
2007-04-18 10:55 1,247,744 --a------ D:\WINDOWS\system32\opasqic.dll
2007-04-18 10:55 <DIR> d-------- D:\Programas\WinPcap
2007-04-18 10:55 <DIR> d-------- D:\Programas\Advanced Spy
2007-04-17 21:19 80,666 --a------ D:\WINDOWS\system32\drivers\klin.dat
2007-04-17 21:19 80,666 --a------ D:\WINDOWS\system32\drivers\klick.dat
2007-04-17 21:19 <DIR> d-------- D:\Programas\Kaspersky Lab
2007-04-17 21:19 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-04-16 20:50 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\Uniblue
2007-04-16 19:19 <DIR> d-------- D:\Programas\Y!mLite
2007-04-16 00:10 <DIR> d-------- D:\WINDOWS\system32\appmgmt
2007-04-14 15:43 <DIR> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\TuneUp Software
2007-04-14 12:04 786,432 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-14 12:04 <DIR> dr------- D:\DOCUME~1\ADMINI~1\Menu Iniciar
2007-04-14 12:04 <DIR> d--h----- D:\DOCUME~1\ADMINI~1\Modelos
2007-04-14 12:04 <DIR> d--h----- D:\DOCUME~1\ADMINI~1\Defini‡äes locais
2007-04-14 12:04 <DIR> d-------- D:\DOCUME~1\ADMINI~1\Os meus documentos
2007-04-14 12:04 <DIR> d-------- D:\DOCUME~1\ADMINI~1\Favoritos
2007-04-14 12:04 <DIR> d-------- D:\DOCUME~1\ADMINI~1\Ambiente de trabalho
2007-04-10 20:12 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\Google
2007-04-10 15:58 <DIR> d-------- D:\Programas\Y- Chat
2007-04-09 22:07 85,376 --a------ D:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-04-09 22:07 5,504 --a------ D:\WINDOWS\system32\drivers\MSTEE.sys
2007-04-09 22:07 19,328 --a------ D:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-04-09 22:07 15,360 --a------ D:\WINDOWS\system32\drivers\StreamIP.sys
2007-04-09 22:07 11,136 --a------ D:\WINDOWS\system32\drivers\SLIP.sys
2007-04-09 22:07 10,880 --a------ D:\WINDOWS\system32\drivers\NdisIP.sys
2007-04-09 22:06 54,784 --a------ D:\WINDOWS\system32\vfwwdm32.dll
2007-04-09 22:06 17,024 --a------ D:\WINDOWS\system32\drivers\CCDECODE.sys
2007-04-08 10:10 49,424 --a------ D:\WINDOWS\system32\clspack.exe
2007-04-08 10:10 172,304 --a------ D:\WINDOWS\system32\jview.exe
2007-04-08 10:10 171,792 --a------ D:\WINDOWS\system32\wjview.exe
2007-04-07 19:08 <DIR> d-------- D:\Programas\Microsoft SQL Server
2007-04-07 18:53 <DIR> d-------- D:\Programas\Microsoft.NET
2007-04-07 18:53 <DIR> d-------- D:\Programas\Microsoft Visual Studio 8
2007-04-07 18:53 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-04-07 18:07 947,472 --a------ D:\WINDOWS\system32\msjava.dll
2007-04-07 18:07 63,248 --a------ D:\WINDOWS\system32\javaprxy.dll
2007-04-07 18:07 6,550 --a------ D:\WINDOWS\jautoexp.dat
2007-04-07 18:07 46,352 --a------ D:\WINDOWS\setdebug.exe
2007-04-07 18:07 44,544 --a------ D:\WINDOWS\clspack.exe
2007-04-07 18:07 404,752 --a------ D:\WINDOWS\system32\javart.dll
2007-04-07 18:07 313,856 --a------ D:\WINDOWS\system32\dx3j.dll
2007-04-07 18:07 286,992 --a------ D:\WINDOWS\system32\vmhelper.dll
2007-04-07 18:07 21,264 --a------ D:\WINDOWS\system32\msjdbc10.dll
2007-04-07 18:07 187,152 --a------ D:\WINDOWS\system32\javacypt.dll
2007-04-07 18:07 171,280 --a------ D:\WINDOWS\system32\jit.dll
2007-04-07 18:07 154,384 --a------ D:\WINDOWS\system32\msawt.dll
2007-04-07 18:07 15,120 --a------ D:\WINDOWS\system32\jdbgmgr.exe
2007-04-07 18:07 139,536 --a------ D:\WINDOWS\system32\javaee.dll
2007-04-07 18:07 113 --a------ D:\WINDOWS\system32\zonedon.reg
2007-04-07 18:07 113 --a------ D:\WINDOWS\system32\zonedoff.reg
2007-04-07 18:07 103,424 --a------ D:\WINDOWS\extrac32.exe
2007-04-07 15:55 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\Help
2007-04-07 00:15 <DIR> d-------- D:\Programas\YTK Pro
2007-04-06 12:28 4,608 --a------ D:\WINDOWS\system32\pthxorcp.dll
2007-04-06 04:54 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-04-05 22:12 <DIR> d-------- D:\WINDOWS\VB2_Skins
2007-04-05 09:26 8,704 --a------ D:\WINDOWS\system32\kbdjpn.dll
2007-04-05 09:26 8,192 --a------ D:\WINDOWS\system32\kbdkor.dll
2007-04-05 09:26 6,144 --a------ D:\WINDOWS\system32\kbd106.dll
2007-04-05 09:26 6,144 --a------ D:\WINDOWS\system32\kbd101c.dll
2007-04-05 09:26 6,144 --a------ D:\WINDOWS\system32\kbd101b.dll
2007-04-05 09:26 5,632 --a------ D:\WINDOWS\system32\kbd103.dll
2007-04-04 21:30 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2007-04-04 21:30 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll
2007-04-04 21:30 1,060,864 ----s---- D:\WINDOWS\system32\MFC71.dll
2007-04-04 21:29 <DIR> d-------- D:\Programas\Digital Asphyxia
2007-04-04 21:29 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Tarma Installer
2007-04-04 15:23 <DIR> d-------- D:\WINDOWS\vbSkinner
2007-04-03 14:14 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\FastStone
2007-04-01 22:00 36,528 --------- D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-01 22:00 2,560 --------- D:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-01 22:00 2,432 --------- D:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-01 22:00 129,784 --------- D:\WINDOWS\system32\pxafs.dll
2007-04-01 22:00 115,880 --------- D:\WINDOWS\system32\pxinsi64.exe
2007-04-01 21:59 <DIR> d-------- D:\WINDOWS\RegisteredPackages
2007-04-01 21:58 <DIR> d-------- D:\Programas\Winamp
2007-04-01 21:50 <DIR> d-------- D:\Programas\YahELite
2007-04-01 21:39 6,400 --a------ D:\WINDOWS\system32\drivers\splitter.sys
2007-04-01 21:39 46,976 --a------ D:\WINDOWS\system32\drivers\R8139n51.sys
2007-04-01 21:38 991,232 --a------ D:\WINDOWS\system32\virtear.dll
2007-04-01 21:38 978,944 --a------ D:\WINDOWS\SynthCoreA.Dll
2007-04-01 21:38 82,944 --a------ D:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-01 21:38 765,952 --a------ D:\WINDOWS\system\crlds3d.dll
2007-04-01 21:38 720,896 --a------ D:\WINDOWS\system32\Audio3d.dll
2007-04-01 21:38 720,896 --a------ D:\WINDOWS\system32\a3d.dll
2007-04-01 21:38 7,552 --a------ D:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-01 21:38 60,800 --a------ D:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-01 21:38 60,288 --a------ D:\WINDOWS\system32\drivers\drmk.sys
2007-04-01 21:38 578,304 --a------ D:\WINDOWS\system32\drivers\smwdm.sys
2007-04-01 21:38 54,272 --a------ D:\WINDOWS\system32\drivers\swmidi.sys
2007-04-01 21:38 52,864 --a------ D:\WINDOWS\system32\drivers\DMusic.sys
2007-04-01 21:38 5,376 --a------ D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-01 21:38 49,152 --a------ D:\WINDOWS\system32\S11thk32.dll
2007-04-01 21:38 49,152 --a------ D:\WINDOWS\system32\DSndUp.exe
2007-04-01 21:38 45,056 --a------ D:\WINDOWS\system32\SynthCore11Resources.dll
2007-04-01 21:38 45,056 --a------ D:\WINDOWS\system32\CleanUp.exe
2007-04-01 21:38 44 --a------ D:\WINDOWS\system32\msssc.dll
2007-04-01 21:38 40,820 --a------ D:\WINDOWS\system32\Syncor11.dll
2007-04-01 21:38 4,992 --a------ D:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-01 21:38 4,816 --a------ D:\WINDOWS\system32\drivers\aeaudio.sys
2007-04-01 21:38 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2007-04-01 21:38 30,208 --a------ D:\WINDOWS\system32\wdmioctl.dll
2007-04-01 21:38 3,744 --a------ D:\WINDOWS\system32\drivers\smsens.sys
2007-04-01 21:38 2,944 --a------ D:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-01 21:38 172,416 --a------ D:\WINDOWS\system32\drivers\kmixer.sys
2007-04-01 21:38 145,792 --a------ D:\WINDOWS\system32\drivers\portcls.sys
2007-04-01 21:38 142,464 --a------ D:\WINDOWS\system32\drivers\aec.sys
2007-04-01 21:38 1,285,632 --a------ D:\WINDOWS\system32\SMMedia.dll
2007-04-01 21:38 <DIR> d-------- D:\WINDOWS\VirtualEar
2007-04-01 21:38 <DIR> d-------- D:\Programas\Analog Devices
2007-04-01 21:37 <DIR> d-------- D:\WINDOWS\system32\ReinstallBackups
2007-04-01 21:37 <DIR> d-------- D:\Programas\Intel
2007-04-01 21:36 5,824 --a------ D:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-04-01 21:35 61,440 --a------ D:\WINDOWS\system32\dcccp106.dll
2007-04-01 21:35 45,056 --a------ D:\WINDOWS\system32\vcccp106.dll
2007-04-01 21:35 45,056 --a------ D:\WINDOWS\Pcamr800.exe
2007-04-01 21:35 36,864 --a------ D:\WINDOWS\JPGL.DLL
2007-04-01 21:35 36,864 --a------ D:\WINDOWS\CleanDev.exe
2007-04-01 21:35 32,768 --a------ D:\WINDOWS\DIV_IYUV.DLL
2007-04-01 21:35 227,200 --a------ D:\WINDOWS\system32\drivers\cccp106.sys
2007-04-01 21:35 2,093,106 --a------ D:\WINDOWS\select.exe
2007-04-01 21:35 192,512 --a------ D:\WINDOWS\select2.exe
2007-04-01 21:35 127,038 --a------ D:\WINDOWS\Clement.exe
2007-04-01 21:35 <DIR> d--h----- D:\Programas\InstallShield Installation Information
2007-04-01 21:35 <DIR> d-------- D:\WINDOWS\Options
2007-04-01 21:35 <DIR> d-------- D:\Programas\ODM
2007-04-01 21:35 <DIR> d-------- D:\Programas\Ficheiros comuns\InstallShield
2007-04-01 21:35 <DIR> d-------- D:\Programas\directx
2007-04-01 21:26 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Digital Asphyxia
2007-04-01 21:26 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\Digital Asphyxia
2007-04-01 21:21 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-04-01 21:20 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\uTorrent
2007-04-01 21:12 <DIR> d--hs---- D:\RECYCLER
2007-04-01 21:05 24,072 --a------ D:\WINDOWS\system32\uxtuneup.dll
2007-04-01 21:05 <DIR> d-------- D:\Programas\TuneUp Utilities 2007
2007-04-01 21:05 <DIR> d-------- D:\Programas\Ficheiros comuns\Wise Installation Wizard
2007-04-01 21:05 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
2007-04-01 21:05 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\TuneUp Software
2007-04-01 21:02 5,888 --------- D:\WINDOWS\system32\drivers\imagedrv.sys
2007-04-01 21:02 476,320 --------- D:\WINDOWS\system32\ImagXpr7.dll
2007-04-01 21:02 471,040 --------- D:\WINDOWS\system32\ImagXRA7.dll
2007-04-01 21:02 364,544 --------- D:\WINDOWS\system32\TwnLib4.dll
2007-04-01 21:02 262,144 --------- D:\WINDOWS\system32\ImagXR7.dll
2007-04-01 21:02 155,648 --a------ D:\WINDOWS\system32\NeroCheck.exe
2007-04-01 21:02 127,488 --------- D:\WINDOWS\system32\drivers\imagesrv.sys
2007-04-01 21:02 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll
2007-04-01 21:02 1,568,768 --------- D:\WINDOWS\system32\ImagX7.dll
2007-04-01 21:02 <DIR> d-------- D:\Programas\Ficheiros comuns\Ahead
2007-04-01 21:02 <DIR> d-------- D:\Programas\Ahead
2007-04-01 20:56 <DIR> d-------- D:\DOCUME~1\____VI~1\APPLIC~1\Yahoo! Messenger
2007-04-01 20:54 <DIR> d-------- D:\Programas\ZakFromAnotherPlanet
2007-04-01 20:52 <DIR> d-------- D:\Programas\soft cam
2007-04-01 20:51 <DIR> d-------- D:\Programas\RegSupreme
2007-04-01 20:48 <DIR> d-------- D:\Programas\Ficheiros comuns\Agnitum Shared
2007-04-01 20:45 <DIR> d-------- D:\Programas\LimeWire
2007-04-01 20:42 <DIR> d-------- D:\DOCUME~1\____VI~1\.limewire
2007-04-01 20:40 <DIR> d-------- D:\Programas\Messenger Plus! Live
2007-04-01 20:39 <DIR> d-------- D:\DOCUME~1\____VI~1\Contacts
2007-04-01 20:38 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE
2007-04-01 20:38 <DIR> d-------- D:\Programas\MSN Messenger
2007-04-01 20:37 <DIR> d-------- D:\Programas\FastStone Capture
2007-04-01 20:33 119,568 --a------ D:\WINDOWS\system32\VB6FR.DLL
2007-04-01 20:33 118,784 --a------ D:\WINDOWS\system32\msstdfmt.dll
2007-04-01 20:18 720,412 --a------ D:\WINDOWS\system32\MGB_ScreenSaver.scr
2007-04-01 20:18 5,214,208 --a------ D:\WINDOWS\system32\vistaui.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-25 23:12 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\pc tools
2007-04-25 13:00 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\dmcache
2007-04-23 21:36 87198 --a------ D:\WINDOWS\system32\perfc016.dat
2007-04-23 21:36 486382 --a------ D:\WINDOWS\system32\perfh016.dat
2007-04-23 20:18 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\wnr
2007-04-23 19:59 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\utorrent
2007-04-23 02:23 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\winrar
2007-04-20 14:02 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\idm
2007-04-17 14:58 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\yahoo! messenger
2007-04-16 20:50 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\uniblue
2007-04-10 20:12 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\google
2007-04-07 15:55 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\help
2007-04-03 14:14 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\faststone
2007-04-01 21:05 -------- d-------- D:\DOCUME~1\____VI~1\APPLIC~1\tuneup software
2007-04-01 20:36 359808 --a------ D:\WINDOWS\system32\drivers\TCPIP.SYS
2007-04-01 20:14 219648 --a------ D:\WINDOWS\system32\uxtheme.dll
2007-04-01 16:56 62 --ahs---- D:\DOCUME~1\____VI~1\APPLIC~1\desktop.ini
2007-03-21 16:58 110360 --a------ D:\WINDOWS\system32\drivers\kl1.sys
2007-03-17 14:43 293376 --a------ D:\WINDOWS\system32\winsrv.dll
2007-03-08 16:37 578560 --a------ D:\WINDOWS\system32\user32.dll
2007-03-08 16:37 40960 --a------ D:\WINDOWS\system32\mf3216.dll
2007-03-08 16:37 281600 --a------ D:\WINDOWS\system32\gdi32.dll
2007-03-08 16:33 1843712 --a------ D:\WINDOWS\system32\win32k.sys
2007-02-19 15:53 202424 --a------ D:\WINDOWS\system32\idmmbc.dll
2007-02-05 21:18 185344 --a------ D:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0055C089-8582-441B-A0BF-17B458C2A3A8} D:\Programas\Internet Download Manager\IDMIECC.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
{206E52E0-D52E-11D4-AD54-0000E86C26F6} D:\Programas\FreshDevices\FreshDownload\fdcatch.dll
{53707962-6F74-2D53-2644-206D7942484F} D:\Programas\Spybot - Search & Destroy\SDHelper.dll
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LClock"="D:\\Programas\\LClock\\LClock.exe"
"PCPerf"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"
"TuneUp MemOptimizer"="\"D:\\Programas\\TuneUp Utilities 2007\\MemOptimizer.exe\" autostart"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"D:\\Programas\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"openplz"=dword:00000001
"NoSecCPL"=dword:00000000
"NoConfigPage"=dword:00000000
"NoVirtMemPage"=dword:00000000
"NoDevMgrPage"=dword:00000000
"DisableLockWorkstation"=dword:00000000
"NoCommonGroups"=dword:00000000
"DisableRegedit"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"=dword:00000001
"NoStrCmpLogical"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000000
"NoChangeKeyboardNavigationIndicators"=dword:00000000
"NoSMConfigurePrograms"=dword:00000000
"NoSharedDocuments"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"LockTaskbar"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"NoUserNameInStartMenu"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoStartMenuEjectPC"=dword:00000000
"StartMenuLogoff"=dword:00000000
"ForceStartMenuLogoff"=dword:00000000
"NoRecentDocsNetHood"=dword:00000000
"NoStartMenuNetworkPlaces"=dword:00000000
"NoNetworkConnections"=dword:00000000
"DisablePersonalDirChange"=dword:00000000
"DisableMyPicturesDirChange"=dword:00000000
"DisableMyMusicDirChange"=dword:00000000
"DisableFavoritesDirChange"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoWindowsUpdate"=dword:00000000
"GreyMSIAds"=dword:00000000
"NoStartMenuPinnedList"=dword:00000000
"NoPropertiesRecycleBin"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"=dword:00000000
"NoStrCmpLogical"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoSMHelp"=dword:00000000
"NoFavoritesMenu"=dword:00000000
"NoLogOff"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoResolveTrack"=dword:00000001
"NoInstrumentation"=dword:00000000
"NoStartBanner"=hex:01,00,00,00
"NoFileUrl"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
"NoStartMenuMorePrograms"=dword:00000000
"NoDFSTab"=dword:00000000
"NoSecurityTab"=dword:00000000
"NoHardwareTab"=dword:00000000
"NoResolveSearch"=dword:00000000
"NoSMConfigurePrograms"=dword:00000000
"NoSharedDocuments"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"LockTaskbar"=dword:00000000
"NoTrayItemsDisplay"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070420-201732-814
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070420-201732-868
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070420-185851-573
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
backup-20070420-185851-721
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
backup-20070420-185851-500
O4 - HKLM\..\Run: [yspyJGC\XPSrv] "c:\windows\system32\svchost.exe" /WAITSERVICE
backup-20070420-185851-105
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.camfrog.com/ie
backup-20070420-185851-877
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.camfrog.com/ie
backup-20070420-185851-325
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.camfrog.com
backup-20070420-104201-563
O4 - HKLM\..\Run: [EXPLORER] svshost.exe
backup-20070420-104056-973
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
backup-20070420-103554-804
O4 - HKCU\..\Run: [svchost.exe] D:\WINDOWS\system\svchost.exe

Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\RegCure Program Check.job
D:\WINDOWS\tasks\RegCure.job
D:\WINDOWS\tasks\XoftSpy.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-26 13:23:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-26 13:23:35
D:\ComboFix-quarantined-files.txt ... 07-04-26 13:23


The quarantine log


04-01-15 07:01	  53299	--a------	D:\Qoobox\Quarantine\D\WINDOWS\system32\pthreadVC.dll.vir
04-05-14 11:30	  61440	--a------	D:\Qoobox\Quarantine\D\WINDOWS\system32\wanpacket.dll.vir
04-05-14 11:30	  81920	--a------	D:\Qoobox\Quarantine\D\WINDOWS\system32\packet.dll.vir
04-05-14 11:37	  32896	--a------	D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\npf.sys.vir
04-05-14 13:02	  225280	--a------	D:\Qoobox\Quarantine\D\WINDOWS\system32\wpcap.dll.vir
06-05-19 00:00	  902	--a------	D:\Qoobox\Quarantine\D\WINDOWS\hosts.vir
07-04-21 13:54	  0	--a------	D:\Qoobox\Quarantine\D\WINDOWS\system32\server.exe.vir
07-04-26 13:21	  1054	--a------	D:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf
07-04-26 13:21	  1212	--a------	D:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
07-04-26 13:21	  2426	--a------	D:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.cf
07-04-26 13:21	  8512	--a------	D:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf


Lista de caminhos de pasta
O número de série do volume é 381F-D93E
D:\QOOBOX
\---Quarantine
	+---D
	|   \---WINDOWS
	|	   |   hosts.vir
	|	   |   
	|	   \---system32
	|		   |   packet.dll.vir
	|		   |   pthreadVC.dll.vir
	|		   |   server.exe.vir
	|		   |   wanpacket.dll.vir
	|		   |   wpcap.dll.vir
	|		   |   
	|		   \---drivers
	|				   npf.sys.vir
	|				   
	\---Registry_backups
			LEGACY_NM.reg.cf
			LEGACY_NPF.reg.cf
			services_nm.reg.cf
			services_NPF.reg.cf


#6 RichieUK


Posted 26 April 2007 - 07:49 AM

Download Registry Search Tool:
http://billsway.com/vbspage/
Unzip the contents of RegSrch.zip to a convenient location.
Double-click on RegSrch.vbs.
If you have an anti-virus installed it might prompt you about a running script.
Please ignore this warning and allow the script to run.
In the "Enter search string (case insensitive) and click OK..." box, paste in the following:

netcmd

Click "OK" to search the registry for that string.
Wait for a few minutes while it completes the search.
Click "OK" to open the results in WordPad.
Copy and paste the entire results into your next reply.

********************************

Please download Sophos Anti-Rootkit, and save it on your desktop.
1. Double-click sarsfx.exe to extract the files and leave the default settings.
2. Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
3. Make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
4. Click the "Start Scan" button.
5. Click the "OK" button after you get the notification that the scan has finished and close the program.
6. Click on Start>Run and type, or copy and paste: %temp%\sarscan.log then press Enter.
7. This should open the log from the rootkit scan.
Post this log into your next reply.

Note:
If the scan is performed while the computer is in use, false positives may appear in the scan results.
This is caused by files or registry entries being deleted, including temporary files being deleted automatically.
It has also been reported that Trojan Hunter is detecting Sophos Anti-rootkit as Trojan.Dropper.Interlac.100
So if you have Trojan Hunter installed you will need to disable it prior to running a scan.

Also post a new Hijackthis log please.

#7 vitpapagul


Posted 26 April 2007 - 08:26 AM

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "netcmd" 26-04-2007 14:08:32

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="netcmd.exe"

[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"b"="D:\\WINDOWS\\system32\\netcmd.exe"

[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"d"="D:\\WINDOWS\\system32\\netcmd.exe"

[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\\WINDOWS\\SYSTEM32\\NETCMD.EXE"="NETCMD"

[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe netcmd.exe s"


Sophos Anti-Rootkit Version 1.3RC (data 1.06) © 2006 Sophos Plc
Started logging on 26-04-2007 at 14:14:34
Stopped logging on 26-04-2007 at 14:19:58

Logfile of HijackThis v1.99.1
Scan saved at 14:22:58, on 26-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\SYSTEM32\NETCMD.EXE
D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Programas\Spyware Doctor\sdhelp.exe
D:\Programas\LClock\LClock.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe
D:\Programas\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\Programas\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\wscntfy.exe
F:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/principe-hechicero/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programas\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programas\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [LClock] D:\Programas\LClock\LClock.exe
O4 - HKLM\..\Run: [AVP] "D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O8 - Extra context menu item: Download All Links with IDM - D:\Programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {D5E1F238-64FC-47BE-AFB5-2CF02016F14F} - D:\Programas\FreshDevices\FreshDownload\fd.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programas\Analog Devices\SoundMAX\SMAgent.exe
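
The registry search in the post above returns five hits for "netcmd", but only the Winlogon `Shell` value is an autostart: Windows launches the programs named in that value at logon, while the ACMru, OpenSaveMRU and MUICache entries are usage history. As an added example (not part of the original thread), this Python sketch parses such a REGEDIT4 export and separates the two; the function names, the trace-key list and the extra `Userinit` check are assumptions added here, and the sample input is constructed from the values in the post.

```python
import re

# Constructed sample: the five search hits from the post, as a REGEDIT4 export.
SAMPLE_EXPORT = r'''REGEDIT4
; Registry search results for string "netcmd" 26-04-2007 14:08:32

[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="netcmd.exe"

[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"b"="D:\\WINDOWS\\system32\\netcmd.exe"

[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"d"="D:\\WINDOWS\\system32\\netcmd.exe"

[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\\WINDOWS\\SYSTEM32\\NETCMD.EXE"="NETCMD"

[HKEY_USERS\S-1-5-21-861567501-1123561945-1177238915-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe netcmd.exe s"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" or @="data"; string values only (dword:/hex: lines are skipped).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Key suffix of the Winlogon settings, in any hive (HKLM, HKCU, HKEY_USERS\<SID>).
WINLOGON = r"\software\microsoft\windows nt\currentversion\winlogon"
# value name -> (expected program basename, separator; None = whitespace)
DEFAULTS = {"shell": ("explorer.exe", None), "userinit": ("userinit.exe", ",")}
# Assumed list of history/cache keys: they record past use and start nothing.
TRACE_MARKERS = ("\\acmru\\", "\\comdlg32\\opensavemru\\", "\\shellnoroam\\muicache")


def _unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def _basename(path):
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_reg_export(text):
    """Yield (key, value_name, data) for every string value in the export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        match = KEY_RE.match(line)
        if match:
            key = match.group(1)
            continue
        match = VALUE_RE.match(line)
        if match and key:
            name = "" if match.group(1) == "@" else _unescape(match.group(1)[1:-1])
            yield key, name, _unescape(match.group(2))


def classify(key, name, data):
    """Return (category, extras): autostart / ok / trace / review."""
    k, n = key.lower(), name.lower()
    if k.endswith(WINLOGON) and n in DEFAULTS:
        expected, sep = DEFAULTS[n]
        parts = [p.strip() for p in data.split(sep)]
        # Anything that is not the default program is reported.
        extras = [p for p in parts if p and _basename(p) != expected]
        return ("autostart", extras) if extras else ("ok", [])
    if any(marker in k for marker in TRACE_MARKERS):
        return ("trace", [])
    return ("review", [])  # not recognised: needs a human look


def triage(text):
    findings = []
    for key, name, data in parse_reg_export(text):
        category, extras = classify(key, name, data)
        findings.append({"category": category, "key": key, "value": name,
                         "data": data, "extras": extras})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f'{f["category"]:9} {f["value"]!r} = {f["data"]!r} extras={f["extras"]}')
```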

#8 RichieUK

  • Malware Response Team

Posted 26 April 2007 - 09:42 AM

I'm not 100% sure about this one, being as NOD32 detected netcmd.exe as a variant of Win32/Spy.VB.QJ I suggest you download the free 30-Day trial of NOD32 Antivirus from the link below:
Free 30-Day Trial of NOD32 Antivirus Software:
http://www.eset.com/download/index.php

Once downloaded, uninstall Kaspersky Internet Security 7.0 via Add or Remove Programs, then restart your PC.
Install NOD32, update its definitions and run a full system virus scan.
Let me know how you get on please.

#9 vitpapagul

Posted 26 April 2007 - 10:24 AM

Hi again and thanks for your time.. before you tell me to upload to Jotti and VirusTotal I have uninstalled Kaspersky and run NOD32 2.70 update and not detect the netcmd, I have to make 2 click on netcmd and not detect so, I have to just scan system 32 and nothing... I don't scan in safe mode.. in the moment I have this problem to IE open and tell me this D:\Documents%20and%20Settings\____vitor____\Definições%20locais\Temp\t801.htm... thanks

Edited by vitpapagul, 26 April 2007 - 10:27 AM.


#10 RichieUK

  • Malware Response Team

Posted 26 April 2007 - 12:46 PM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

**********************************

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, let me know how your PC is running now.


#11 vitpapagul

Posted 26 April 2007 - 05:00 PM

Sorry the delay but I have problem with the scan.. I tried to make a full scan in all drives but the scan in drive C: that I have Vista just take 2 hours scan the same folder again and again so I stop the scan and start again a new full scan just in drive D: that I have XP... I still have netcmd and I can delete... there is the result from scan... I think if is not better just format the drive D: I just want a 2 think... thanks again for your time and help.. in the moment I send this Kaspersky detected a hidden data sending from netcmd.exe so that give the action to put in quarantine....

SUPERAntiSpyware Scan Log
Generated 04/26/2007 at 10:35 PM

Application Version : 3.6.1000

Core Rules Database Version : 3225
Trace Rules Database Version: 1236

Scan type : Complete Scan
Total Scan Time : 00:32:56

Memory items scanned : 335
Memory threats detected : 0
Registry items scanned : 5118
Registry threats detected : 0
File items scanned : 17756
File threats detected : 1

Adware.Tracking Cookie
D:\Documents and Settings\____vitor____\Cookies\____vitor____@imrworldwide[1].txt

This is the log before the warning from Kaspersky:
Logfile of HijackThis v1.99.1
Scan saved at 22:36:18, on 26-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Programas\Spyware Doctor\sdhelp.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\SYSTEM32\NETCMD.EXE
D:\WINDOWS\System32\alg.exe
D:\Programas\LClock\LClock.exe
D:\Programas\LClock\LClock.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe
D:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\notepad.exe
F:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/principe-hechicero/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programas\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programas\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [LClock] D:\Programas\LClock\LClock.exe
O4 - HKLM\..\Run: [AVP] "D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Anti-Banner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {D5E1F238-64FC-47BE-AFB5-2CF02016F14F} - D:\Programas\FreshDevices\FreshDownload\fd.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programas\Analog Devices\SoundMAX\SMAgent.exe

this log is after the warning

Logfile of HijackThis v1.99.1
Scan saved at 22:55:53, on 26-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Programas\Spyware Doctor\sdhelp.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\Programas\LClock\LClock.exe
D:\Programas\LClock\LClock.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe
D:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Programas\Internet Explorer\iexplore.exe
D:\Programas\YahELite\YahXlate.exe
F:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/principe-hechicero/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programas\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programas\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [LClock] D:\Programas\LClock\LClock.exe
O4 - HKLM\..\Run: [AVP] "D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Anti-Banner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {D5E1F238-64FC-47BE-AFB5-2CF02016F14F} - D:\Programas\FreshDevices\FreshDownload\fd.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programas\Analog Devices\SoundMAX\SMAgent.exe


Possibly infected: riskware Hidden data sending D:\WINDOWS\SYSTEM32\NETCMD.EXE 27,9 KB 26-04-2007 22:51:03

Edited by vitpapagul, 26 April 2007 - 05:04 PM.


#12 vitpapagul

vitpapagul
  • Topic Starter

  • Members
  • 10 posts

Posted 26 April 2007 - 05:51 PM

Sorry, netcmd.exe starts again when I reboot my PC, and my IE opens this page without a click in IE ... http://kurdsofts.com/win.htm

Edited by vitpapagul, 26 April 2007 - 05:57 PM.


#13 vitpapagul

vitpapagul
  • Topic Starter

  • Members
  • 10 posts

Posted 27 April 2007 - 03:19 AM

I think my PC is better now. netcmd is gone; I searched my drive and found nothing, and I searched in regedit and it is clean...

Logfile of HijackThis v1.99.1
Scan saved at 9:11:46, on 27-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Programas\Spyware Doctor\sdhelp.exe
D:\Programas\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\alg.exe
D:\Programas\LClock\LClock.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Programas\Internet Explorer\iexplore.exe
D:\Programas\FastStone Capture\FSCapture.exe
F:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/principe-hechicero/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programas\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programas\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [LClock] D:\Programas\LClock\LClock.exe
O4 - HKLM\..\Run: [AVP] "D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O8 - Extra context menu item: Add to Anti-Banner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {D5E1F238-64FC-47BE-AFB5-2CF02016F14F} - D:\Programas\FreshDevices\FreshDownload\fd.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programas\Analog Devices\SoundMAX\SMAgent.exe

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 27 April 2007 - 03:24 AM

Back up the registry first by doing the following.
Click on Start > Run, type regedit, then press Enter.
Click on 'File' at the top, then 'Export'.
In the opening 'Export Registry File' box, place a check in 'ALL' at the bottom left.
In the 'File name:' space, type back.reg
Make sure 'Desktop' is selected in the left hand column.
Then press 'Save'.

********************************

Download RegSeeker 1.52.zip
Right click on a blank area of your desktop, click 'New' > 'Folder', rename it 'RegSeeker'.
Unzip/extract RegSeeker.zip to that new folder.
Launch RegSeeker.
Click on 'Find in Registry' at the top.
In the 'Search for:' space, copy and paste:
netcmd.exe
Then press 'Search!'.
Once the search has finished, highlight any one entry with a single left click.
Then click on 'Select' at the bottom.
In the menu that pops up, click on 'Select all'.
Now right click anywhere on the yellow highlighted area and click 'Delete selected items'.
Once they've all been deleted, search again.
Keep searching and deleting until all the netcmd.exe entries are gone.
Close the program when it's finished.

Restart your PC, post a new HijackThis log in your next reply.
Let me know how your PC is running now please.
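The registry search described in the post above can also be run read-only against the back.reg export made in its first step. The following is an added example, not part of the original posts and not RegSeeker's code; the function names and the sample keys are assumptions constructed for illustration. It also decodes `hex(2)` string values, which a plain text search of the export would miss.

```python
import re

# Constructed sample in regedit export format; keys and data are made up
# for illustration and are not taken from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="D:\\Programas\\LClock\\LClock.exe"
"ExampleLoader"="D:\\WINDOWS\\SYSTEM32\\NETCMD.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"ImagePath"=hex(2):6e,00,65,00,74,00,63,00,6d,00,64,00,2e,00,65,00,78,00,65,00,\
  00,00
"Start"=dword:00000002
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_data(raw):
    """Return the text of a .reg value, decoding hex(1)/hex(2)/hex(7) strings."""
    m = re.match(r'hex\(([127])\):(.*)$', raw)
    if m:  # string types are stored as UTF-16LE bytes
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        text = data.decode('utf-16-le', errors='replace')
        return text.replace('\x00', ' ').strip()
    if raw.startswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw  # dword: and binary hex: values are left as written

def find_references(reg_text, needle):
    """List (key, value name, data) for each key or value mentioning needle."""
    needle = needle.lower()
    hits, key, pending = [], None, ''
    for line in reg_text.splitlines():
        line = pending + line.strip()
        if line.endswith('\\') and '=hex' in line:  # hex data continues
            pending = line[:-1]
            continue
        pending = ''
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if needle in key.lower():
                hits.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            data = decode_data(m.group(2))
            if needle in name.lower() or needle in data.lower():
                hits.append((key, name, data))
    return hits

def load_export(path):
    """Read a regedit 'Version 5.00' export, which is UTF-16 with a BOM."""
    with open(path, encoding='utf-16') as fh:
        return fh.read()

if __name__ == '__main__':
    for key, name, data in find_references(SAMPLE_REG, 'netcmd.exe'):
        print(key, '|', name, '|', data)
```

To check a real export, pass `load_export("back.reg")` instead of `SAMPLE_REG`; the script only reads the file and changes nothing in the registry.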

#15 vitpapagul

vitpapagul
  • Topic Starter

  • Members
  • 10 posts

Posted 27 April 2007 - 04:18 AM

I found 4 more entries and I have deleted them... I think my PC is better... I just have a little problem when I reboot: Kaspersky doesn't close and XP opens the typical box to end the program. The rest is OK.

Logfile of HijackThis v1.99.1
Scan saved at 10:08:55, on 27-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Programas\Spyware Doctor\sdhelp.exe
D:\Programas\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\Programas\LClock\LClock.exe
D:\Programas\LClock\LClock.exe
D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\taskmgr.exe
F:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xoomer.alice.it/principe-hechicero/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programas\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programas\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programas\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [LClock] D:\Programas\LClock\LClock.exe
O4 - HKLM\..\Run: [AVP] "D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Programas\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O8 - Extra context menu item: Add to Anti-Banner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Programas\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Programas\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {D5E1F238-64FC-47BE-AFB5-2CF02016F14F} - D:\Programas\FreshDevices\FreshDownload\fd.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - D:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programas\Analog Devices\SoundMAX\SMAgent.exe



