djfabo 0 Denunciar post Postado Maio 13, 2008 Então galera eu axo que consegui me livrar do tal Gusano bagle chato! + como não tenho certeza e não sei ver logs aí vão eles! se puderem me ajudar ficarei grato. Hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:54:19 PM, on 5/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe D:\Program Files\Digidesign\Drivers\MMERefresh.exe D:\WINDOWS\eHome\ehRecvr.exe D:\WINDOWS\eHome\ehSched.exe D:\WINDOWS\system32\nvsvc32.exe D:\PROGRA~1\SPYWAR~1\sp_rsser.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\system32\dllhost.exe D:\WINDOWS\Explorer.exe D:\Program Files\DAEMON Tools\daemon.exe D:\Program Files\PowerISO\SCDEmuApp.exe D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe D:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe D:\WINDOWS\system32\MAFWTray.exe D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\CamSplitter\camsplitter.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe D:\WINDOWS\system32\wscntfy.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Windows Live\Contacts\wlcomm.exe D:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - D:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - D:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - D:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sCDEmuApp.exe] D:\Program Files\PowerISO\SCDEmuApp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [spywareTerminator] "D:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [MAFWTaskbarApp] D:\WINDOWS\system32\MAFWTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Camsplitter.lnk = D:\Program Files\CamSplitter\camsplitter.exe O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download all by Rapidown... - D:\Program Files\Rapidown\rapidownGetAll.htm O8 - Extra context menu item: Download by Rapidown... - D:\Program Files\Rapidown\rapidownGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\PROGRA~1\SPYWAR~1\sp_rsser.exe -- End of file - 9155 bytes COMBO FIX: ComboFix 08-05-12.1 - djfabopx 2008-05-13 16:10:30.1 - NTFSx86 NETWORK Running from: D:\Documents and Settings\djfabopx\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\autorun.inf D:\WINDOWS\system32\28463 D:\WINDOWS\system32\drivers\downld D:\WINDOWS\system32\drivers\downld\100062.exe D:\WINDOWS\system32\drivers\downld\100078.exe D:\WINDOWS\system32\drivers\downld\101625.exe D:\WINDOWS\system32\drivers\downld\101828.exe D:\WINDOWS\system32\drivers\downld\103109.exe D:\WINDOWS\system32\drivers\downld\103515.exe D:\WINDOWS\system32\drivers\downld\108203.exe D:\WINDOWS\system32\drivers\downld\108593.exe D:\WINDOWS\system32\drivers\downld\110750.exe D:\WINDOWS\system32\drivers\downld\113843.exe D:\WINDOWS\system32\drivers\downld\114921.exe D:\WINDOWS\system32\drivers\downld\118234.exe D:\WINDOWS\system32\drivers\downld\123296.exe D:\WINDOWS\system32\drivers\downld\128609.exe D:\WINDOWS\system32\drivers\downld\132609.exe D:\WINDOWS\system32\drivers\downld\137875.exe D:\WINDOWS\system32\drivers\downld\137921.exe D:\WINDOWS\system32\drivers\downld\139546.exe D:\WINDOWS\system32\drivers\downld\141000.exe D:\WINDOWS\system32\drivers\downld\144312.exe D:\WINDOWS\system32\drivers\downld\147156.exe D:\WINDOWS\system32\drivers\downld\148406.exe D:\WINDOWS\system32\drivers\downld\149593.exe D:\WINDOWS\system32\drivers\downld\153375.exe D:\WINDOWS\system32\drivers\downld\154781.exe D:\WINDOWS\system32\drivers\downld\157609.exe D:\WINDOWS\system32\drivers\downld\158406.exe D:\WINDOWS\system32\drivers\downld\160093.exe D:\WINDOWS\system32\drivers\downld\173093.exe D:\WINDOWS\system32\drivers\downld\177484.exe D:\WINDOWS\system32\drivers\downld\178375.exe D:\WINDOWS\system32\drivers\downld\186656.exe D:\WINDOWS\system32\drivers\downld\200078.exe D:\WINDOWS\system32\drivers\downld\205859.exe D:\WINDOWS\system32\drivers\downld\234953.exe D:\WINDOWS\system32\drivers\downld\236015.exe D:\WINDOWS\system32\drivers\downld\236468.exe D:\WINDOWS\system32\drivers\downld\258250.exe D:\WINDOWS\system32\drivers\downld\259031.exe D:\WINDOWS\system32\drivers\downld\259328.exe D:\WINDOWS\system32\drivers\downld\271250.exe D:\WINDOWS\system32\drivers\downld\271484.exe D:\WINDOWS\system32\drivers\downld\278343.exe D:\WINDOWS\system32\drivers\downld\287187.exe D:\WINDOWS\system32\drivers\downld\30071109.exe D:\WINDOWS\system32\drivers\downld\30073937.exe D:\WINDOWS\system32\drivers\downld\30084656.exe D:\WINDOWS\system32\drivers\downld\30115781.exe D:\WINDOWS\system32\drivers\downld\30144265.exe D:\WINDOWS\system32\drivers\downld\30154421.exe D:\WINDOWS\system32\drivers\downld\30207765.exe D:\WINDOWS\system32\drivers\downld\30248765.exe D:\WINDOWS\system32\drivers\downld\30283906.exe D:\WINDOWS\system32\drivers\downld\30304859.exe D:\WINDOWS\system32\drivers\downld\308296.exe D:\WINDOWS\system32\drivers\downld\321484.exe D:\WINDOWS\system32\drivers\downld\333484.exe D:\WINDOWS\system32\drivers\downld\352046.exe D:\WINDOWS\system32\drivers\downld\361265.exe D:\WINDOWS\system32\drivers\downld\373406.exe D:\WINDOWS\system32\drivers\downld\378437.exe D:\WINDOWS\system32\drivers\downld\379859.exe D:\WINDOWS\system32\drivers\downld\382937.exe D:\WINDOWS\system32\drivers\downld\391515.exe D:\WINDOWS\system32\drivers\downld\405406.exe D:\WINDOWS\system32\drivers\downld\417531.exe D:\WINDOWS\system32\drivers\downld\82000.exe D:\WINDOWS\system32\drivers\downld\86531.exe D:\WINDOWS\system32\drivers\downld\90968.exe D:\WINDOWS\system32\drivers\downld\95015.exe D:\WINDOWS\system32\drivers\downld\98093.exe D:\WINDOWS\system32\drivers\mdelk.exe D:\WINDOWS\system32\lsprst7.dll D:\WINDOWS\system32\plugin1.dat D:\WINDOWS\system32\ssprs.dll D:\WINDOWS\system32\SysPr.prx . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))) . 2008-05-13 16:16 . 2008-05-13 16:16 <DIR> d-------- D:\WINDOWS\system32\drivers\downld 2008-05-13 04:27 . 2008-05-13 04:27 1,018,520 --a------ D:\fsbl.exe 2008-05-13 04:21 . 2008-05-13 04:21 <DIR> d-------- D:\Program Files\AVG 2008-05-13 04:21 . 2008-05-13 05:25 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg8 2008-05-13 02:53 . 2008-05-13 02:53 <DIR> d-------- D:\Program Files\Alwil Software 2008-05-13 00:53 . 2008-05-13 02:57 <DIR> d-------- D:\SDFix 2008-05-13 00:29 . 2008-05-13 05:13 <DIR> d-------- D:\!KillBox 2008-05-12 15:18 . 2008-05-12 15:18 <DIR> d-------- D:\Program Files\PowerQuest 2008-05-11 16:27 . 2008-05-11 16:27 <DIR> d-------- D:\Documents and Settings\djfabopx\Application Data\Cycling '74 2008-05-09 18:04 . 2008-05-09 18:04 <DIR> d-------- D:\Program Files\Cycling '74 2008-05-09 18:04 . 2008-05-09 18:04 <DIR> d-------- D:\Program Files\Common Files\C74 Plug-in Support 2008-05-06 15:01 . 2008-05-06 15:01 <DIR> d-------- D:\Program Files\Common Files\Adobe AIR 2008-05-06 15:01 . 2008-05-06 15:01 <DIR> d-------- D:\Program Files\BeatportDownloader 2008-05-06 15:01 . 2008-05-06 15:01 <DIR> d-------- D:\Documents and Settings\djfabopx\Application Data\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1 2008-05-05 18:30 . 2008-05-05 18:30 15 --a------ D:\WINDOWS\minih.ini 2008-05-05 18:21 . 2008-05-06 01:50 22 --a------ D:\WINDOWS\scraph.ini 2008-05-05 18:16 . 2008-05-05 18:46 1,646 --a------ D:\WINDOWS\confh.ini 2008-05-04 20:13 . 2008-05-04 20:13 <DIR> d-------- D:\Program Files\M-Audio 2008-05-04 20:13 . 2008-05-04 20:13 <DIR> d-------- D:\Documents and Settings\djfabopx\Application Data\InstallShield 2008-04-26 00:53 . 2008-05-13 03:28 <DIR> d-------- D:\Documents and Settings\djfabopx\Application Data\Waves Preferences 2008-04-26 00:53 . 2008-04-26 00:53 <DIR> d-------- D:\Documents and Settings\djfabopx\Application Data\Waves 2008-04-23 19:00 . 2008-05-13 03:35 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Spyware Terminator 2008-04-23 18:59 . 2008-05-13 03:43 <DIR> d-------- D:\Documents and Settings\Administrator 2008-04-23 18:59 . 2008-05-13 16:10 1,024 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT.LOG 2008-04-23 15:02 . 2008-04-23 15:02 0 --ah----- D:\Documents and Settings\djfabopx\Application Data\.AC4AA152C0ADD4DD.sys 2008-04-23 14:59 . 2008-04-23 14:59 <DIR> d-------- D:\Program Files\Elastik 2008-04-23 03:20 . 2008-04-23 03:20 41 --a------ D:\WINDOWS\system32\Filzip.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-13 17:30 --------- d-----w D:\Program Files\Mozilla Firefox 3 Beta 4 2008-05-13 08:23 --------- d-----w D:\Documents and Settings\All Users\Application Data\avg7 2008-05-13 06:24 --------- d-----w D:\Program Files\WinClamAVShield 2008-05-13 06:23 --------- d-----w D:\Program Files\Spyware Terminator 2008-05-13 06:23 --------- d-----w D:\Documents and Settings\djfabopx\Application Data\Spyware Terminator 2008-05-13 06:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-05-13 00:14 --------- d-----w D:\Program Files\Mozilla Thunderbird 2008-05-11 19:27 --------- d-----w D:\Documents and Settings\djfabopx\Application Data\PACE Anti-Piracy 2008-05-11 19:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy 2008-05-11 04:33 --------- d-----w D:\Program Files\Steam 2008-05-05 18:34 --------- d-----w D:\Program Files\Orkut Cute 2008-05-05 18:32 --------- d-----w D:\Program Files\Orkut Cute 9.4.44 2008-04-25 03:19 --------- d-----w D:\Program Files\Waves 2008-04-23 17:59 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-04-23 06:25 --------- d-----w D:\Program Files\iZotope 2008-04-20 05:38 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-12 19:58 --------- d-----w D:\Program Files\Tibia 2008-04-11 20:52 --------- d-----w D:\Program Files\FTP Commander 2008-04-07 03:50 --------- d-----w D:\Documents and Settings\djfabopx\Application Data\Steinberg 2008-04-03 20:24 --------- d-----w D:\Program Files\FriendBlasterPro 2008-04-03 05:15 --------- d-----w D:\Program Files\BitComet 2008-03-29 20:34 --------- d-----w D:\Program Files\WIDCOMM 2008-03-28 06:17 --------- d-----w D:\Program Files\Fantasy Codecs 2008-03-24 05:24 --------- d-----w D:\Program Files\WaveArts 2008-03-24 05:16 --------- d-----w D:\Documents and Settings\All Users\Application Data\Wave Arts 2008-03-24 05:10 --------- d-----w D:\Program Files\Rapidown 2008-03-24 00:49 --------- d-----w D:\Documents and Settings\djfabopx\Application Data\Microsoft Games 2008-03-24 00:44 --------- d-----w D:\Program Files\GameSpy Arcade 2008-03-24 00:40 --------- d-----w D:\Program Files\Microsoft Games 2008-03-24 00:37 --------- d-----w D:\Documents and Settings\djfabopx\Application Data\Skype 2008-03-23 23:47 --------- d-----w D:\Documents and Settings\djfabopx\Application Data\skypePM 2008-03-19 22:51 --------- d-----w D:\Program Files\FriendBot 2008-03-14 02:27 --------- d-----w D:\Program Files\eMule 2007-12-21 01:19 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-07-24 23:56 81,920 ----a-w D:\Documents and Settings\djfabopx\Application Data\ezpinst.exe 2007-07-24 23:56 47,360 ----a-w D:\Documents and Settings\djfabopx\Application Data\pcouffin.sys 2007-07-04 00:08 2,232,320 ----a-w D:\Program Files\Tibia.exe 2007-01-08 20:46 0 ---ha-w D:\Documents and Settings\djfabopx\Application Data\.AC4AA1524A06AB74.sys 2007-01-08 20:46 0 ---ha-w D:\Documents and Settings\djfabopx\Application Data\.AC4AA1524A06AB73.sys 2004-10-03 16:14 28,672 ----a-w D:\Program Files\jhg 2007-02-22 23:46 56 --sh--r D:\WINDOWS\system32\C1332C1D52.sys . ------- Sigcheck ------- 2006-05-10 02:25 663552 d94cffdb53e7ac867438e2dfd50e7cbc D:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll 2006-06-23 08:25 664576 64ce26db72810b30f7855ea51e1df836 D:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll 2006-09-14 05:31 664576 d207370287cf769aebebf03837784963 D:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll 2006-10-23 12:34 664576 231ef4179acabe486376b5ca893f1076 D:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll 2007-01-04 11:05 665088 3ffa1573fc274e5aa7467d03941c45ee D:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll 2007-02-20 06:52 665600 b258c922d22deec880b60720531d7627 D:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll 2007-04-18 09:46 665600 4261ba03afd659de04f0a17dfbdd454d D:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll 2007-06-26 11:35 665600 e1a3dd68b5380b360a7310a64d9bb188 D:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll 2007-08-22 09:55 665600 a1bc17eb3758d73c3938b2318820f5b4 D:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll 2007-10-11 02:57 666112 80d660a49e0d118144423099b2a9f5da D:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll 2004-08-03 23:56 656384 c0823fc5469663ba63e7db88f9919d70 D:\WINDOWS\$NtUninstallKB916281$\wininet.dll 2006-05-10 02:23 658432 38ab7a56f566d9aaad31812494944824 D:\WINDOWS\$NtUninstallKB918899$\wininet.dll 2006-06-23 08:02 658944 2b4db890936430c71419037039502752 D:\WINDOWS\$NtUninstallKB922760$\wininet.dll 2006-09-14 05:39 658944 621af3f6174a3f60677f5230e28bcc07 D:\WINDOWS\$NtUninstallKB925454$\wininet.dll 2006-10-23 12:17 658944 6b2735adff5a5d3b9130ca4a794722f0 D:\WINDOWS\$NtUninstallKB928090$\wininet.dll 2007-01-04 10:37 658944 8c393df5234cbcbff1ee31902d6b40ae D:\WINDOWS\$NtUninstallKB931768$\wininet.dll 2007-02-20 06:48 658944 30d1c47e40efbb792ff8d3c3b51ce507 D:\WINDOWS\$NtUninstallKB933566$\wininet.dll 2007-04-18 09:31 658944 b7156cd97e739f3014bc4d61758f868a D:\WINDOWS\$NtUninstallKB937143$\wininet.dll 2007-06-26 11:09 658944 184e47c8f7b331025e6dc92740db188f D:\WINDOWS\$NtUninstallKB939653$\wininet.dll 2007-08-22 10:12 658944 1901ad51da8be9f8b38d5d526e5d1788 D:\WINDOWS\$NtUninstallKB942615$\wininet.dll 2008-02-16 05:59 659456 0c690e77c0e924c45b4d7045b182fff1 D:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\sp2gdr\wininet.dll 2008-02-16 06:32 666112 bb1eacd6ab47e78ebca02eb781550d55 D:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\sp2qfe\wininet.dll 2007-10-11 03:13 804352 02dd11ab8c0dccd840e520cb5cb147ef D:\WINDOWS\system32\wininet.dll 2007-10-11 03:13 804352 02dd11ab8c0dccd840e520cb5cb147ef D:\WINDOWS\system32\dllcache\wininet.dll 2007-10-11 03:13 659456 2005ad86a22aee68e21ee59f9ccb77f2 D:\WINDOWS\VistaMizer\old\wininet.dll 2006-06-14 17:43 541696 73442592a30db34661bee4d70f01b0b0 D:\WINDOWS\system32\winlogon.exe 2006-06-14 17:43 502272 6e8ca4fcb30282f216f5db9dd58a5f81 D:\WINDOWS\VistaMizer\old\winlogon.exe 2005-03-01 21:36 2056832 d8aba3eab509627e707a3b14f00fbb6b D:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe 2006-12-19 13:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d D:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe 2007-02-28 06:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba D:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe 2004-08-10 03:32 2056832 947fb1d86d14afcffdb54bf837ec25d0 D:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe 2005-03-01 21:34 2056832 81013f36b21c7f72cf784cc6731e0002 D:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe 2006-12-19 09:55 2057600 1d659bfb788ed2ba45075624b748d249 D:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe 2007-02-28 05:38 2057600 515d30e2c90a3665a2739309334c9283 D:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe 2007-02-28 05:38 2314752 dec5e0d5185864e2beeef76daa3d38c2 D:\WINDOWS\system32\ntkrnlpa.exe 2007-02-28 05:38 2314752 dec5e0d5185864e2beeef76daa3d38c2 D:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2007-02-28 05:38 2057600 515d30e2c90a3665a2739309334c9283 D:\WINDOWS\VistaMizer\old\ntkrnlpa.exe 2005-03-01 22:04 2179456 28187802b7c368c0d3aef7d4c382aabb D:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe 2006-12-19 13:51 2182016 cef243f6defd20be4adde26c7ecacb54 D:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe 2007-02-28 06:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 D:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe 2004-08-03 22:20 2180992 ce218bc7088681faa06633e218596ca7 D:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe 2005-03-01 21:59 2179328 4d4cf2c14550a4b7718e94a6e581856e D:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe 2006-12-19 11:17 2180352 8f0deab1f81fb83f9c5995853ce48b9f D:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe 2007-02-28 06:10 2180352 582a8dbaa58c3b1f176eb2817daee77c D:\WINDOWS\Driver Cache\i386\ntoskrnl.exe 2007-02-28 06:10 2437504 9809aefbe836dfd733fd520a40d5f67c D:\WINDOWS\system32\ntoskrnl.exe 2007-02-28 06:10 2437504 9809aefbe836dfd733fd520a40d5f67c D:\WINDOWS\system32\dllcache\ntoskrnl.exe 2007-02-28 06:10 2180352 582a8dbaa58c3b1f176eb2817daee77c D:\WINDOWS\VistaMizer\old\ntoskrnl.exe 2007-06-13 07:23 1551360 4893afc1937e67f288983e23f36a9f48 D:\WINDOWS\explorer.exe 2007-06-13 08:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 D:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 D:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 07:23 1551360 4893afc1937e67f288983e23f36a9f48 D:\WINDOWS\system32\dllcache\explorer.exe 2007-06-13 07:23 1033216 97bd6515465659ff8f3b7be375b2ea87 D:\WINDOWS\VistaMizer\old\explorer.exe 2004-08-03 23:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 D:\WINDOWS\system32\ctfmon.exe 2004-08-03 23:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 D:\WINDOWS\system32\dllcache\ctfmon.exe 2004-08-03 23:56 15360 24232996a38c0b0cf151c2140ae29fc8 D:\WINDOWS\VistaMizer\old\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672] "ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 25088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 11:57 133016] "NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2005-09-15 02:10 700416] "SCDEmuApp.exe"="D:\Program Files\PowerISO\SCDEmuApp.exe" [2005-10-15 22:15 167936] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "SpywareTerminator"="D:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-05 17:14 2957824] "H2O"="D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 14:18 307200] "MAFWTaskbarApp"="D:\WINDOWS\system32\MAFWTray.exe" [2007-10-24 14:37 245760] "NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-13 03:56 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ] "MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 22:45 4898816] D:\Documents and Settings\djfabopx\Start Menu\Programs\Startup\ Camsplitter.lnk - D:\Program Files\CamSplitter\camsplitter.exe [2007-09-20 02:29:04 86016] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= D:\WINDOWS\Resources\Themes\Royale.theme "EnableLUA"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegedit"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe \"\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSVideo9"= D:\PROGRA~1\CAMSPL~1\cs32.dll "vidc.DIVF"= DivX412.dll "vidc.avrn"= D:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL "vidc.advj"= D:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL "vidc.mszh"= D:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll "vidc.zlib"= D:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll "vidc.cscd"= D:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll "vidc.cvid"= D:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll "msacm.trspch"= D:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm "vidc.em2v"= D:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll "vidc.mkvc"= D:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll "vidc.hfyu"= D:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll "msacm.lhacm"= D:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm "msacm.l3acm"= D:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm "vidc.sjpg"= D:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll "vidc.dmb2"= D:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll "vidc.gepj"= D:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll "vidc.qpeg"= D:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll "vidc.q1.0"= D:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll "vidc.tscc"= D:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll "vidc.vifp"= D:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll "vidc.wrpr"= D:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll "vidc.wnv1"= D:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll "vidc.advs"= D:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll "vidc.aflc"= D:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL "vidc.afli"= D:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL "vidc.aasc"= D:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll "vidc.aas4"= D:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll "vidc.asv1"= D:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll "vidc.asv2"= D:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll "vidc.asvx"= D:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll "vidc.vcr1"= D:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll "vidc.vcr2"= D:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll "vidc.yv12"= D:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.mwv1"= D:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll "vidc.bt20"= D:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv "vidc.y41p"= D:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv "msacm.pcdv"= D:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm "vidc.cdvc"= D:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL "vidc.ddvc"= D:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL "vidc.png1"= D:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL "msacm.CoreFLAC_ACM"= D:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM "vidc.davc"= D:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll "vidc.div3"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll "vidc.div5"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll "vidc.mpg3"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll "vidc.div4"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll "vidc.div6"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll "vidc.ap41"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll "vidc.dvx4"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll "vidc.divx"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll "msacm.divxa32"= D:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm "vidc.frwd"= D:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll "vidc.frwt"= D:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll "vidc.frwa"= D:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll "vidc.frwu"= D:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll "vidc.glzw"= D:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll "vidc.gpeg"= D:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll "vidc.i263"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv "vidc.iv30"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv31"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv32"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv33"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv34"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv35"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv36"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv37"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv38"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv39"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv40"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv42"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv43"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv44"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv45"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv46"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv47"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv48"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv49"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.ir21"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL "vidc.rt21"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL "msacm.imc"= D:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM "vidc.lead"= D:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL "vidc.dvsd"= D:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL "vidc.dvc"= D:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL "vidc.dvcs"= D:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL "vidc.dcmj"= D:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL "vidc.avi1"= D:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL "vidc.avi2"= D:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL "msacm.msadpcm"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm "msacm.imaadpcm"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm "msacm.msg711"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm "msacm.msg723"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm "msacm.msgsm610"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm "vidc.m261"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv "vidc.m263"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv "vidc.mrle"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll "vidc.msvc"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll "vidc.cram"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll "vidc.mpg4"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp41"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp42"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp43"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp4s"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp4v"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.wmv3"= D:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll "vidc.vixl"= D:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll "vidc.nt00"= D:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll "vidc.vp30"= D:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll "vidc.vp31"= D:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll "vidc.vp60"= D:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll "vidc.vp61"= D:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll "vidc.pdvc"= D:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll "vidc.ipdv"= D:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll "vidc.pvw2"= D:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll "vidc.pimj"= D:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll "vidc.mjpx"= D:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll "vidc.miro"= D:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL "vidc.dcap"= D:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL "vidc.mjpa"= D:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL "vidc.gpjm"= D:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL "vidc.pim1"= D:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll "msacm.qmpeg"= D:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm "vidc.rmp4"= D:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll "vidc.rud0"= D:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll "msacm.at3"= D:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm "vidc.sony"= D:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll "vidc.dvcp"= D:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll "vidc.s422"= D:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll "vidc.t420"= D:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll "vidc.y411"= D:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll "vidc.vssv"= D:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll "msacm.voxacm160"= D:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm "vidc.xvid"= D:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll "msacm.l3codecp"= l3codecp.acm "Midi1"= MYokeNT.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver" [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=D:\WINDOWS\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=D:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk backup=D:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^djfabopx^Start Menu^Programs^Startup^BitComet.lnk] path=D:\Documents and Settings\djfabopx\Start Menu\Programs\Startup\BitComet.lnk backup=D:\WINDOWS\pss\BitComet.lnkStartup [HKLM\~\startupfolder\D:^Documents and Settings^djfabopx^Start Menu^Programs^Startup^Rapidown.lnk] path=D:\Documents and Settings\djfabopx\Start Menu\Programs\Startup\Rapidown.lnk backup=D:\WINDOWS\pss\Rapidown.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] --a------ 2004-08-10 12:37 61440 D:\Program Files\AIM\aim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] --a------ 2007-01-09 15:58 50736 D:\Program Files\AIM6\aim6.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename] --------- 2004-01-12 17:29 102400 D:\PROGRA~1\AIM\AIMWDI~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS] D:\Program Files\CoolSMS\CoolSMS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-03 23:56 25088 D:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh] --a------ 2005-10-25 23:21 61440 D:\Program Files\Digidesign\Drivers\MMERefresh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2004-08-10 04:04 59392 D:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlipViewer Library] --a------ 2006-12-29 14:53 390936 D:\Program Files\E-Book Systems\FlipViewer\FlipViewerLibrary.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2006-08-10 00:57 169984 D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] --a------ 2007-01-01 18:22 3739648 D:\Program Files\Google\Google Talk\googletalk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] --a------ 2005-12-18 14:18 307200 D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] D:\Program Files\Common Files\AOL\1151168913\ee\AOLHostManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-05-11 23:12 49152 D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls] --a------ 2006-08-25 08:32 7046720 D:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-11 16:30 249856 D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-11 16:30 81920 D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-10-30 09:36 256576 D:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] D:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KOUQ Agent] D:\WINDOWS\system32\28463\KOUQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip] --a------ 2006-11-07 16:05 7431736 D:\Program Files\LowRateVoip\LowRateVoip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] D:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] --a------ 2007-01-11 22:45 4898816 D:\Program Files\MySpace\IM\MySpaceIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2006-10-22 12:22 7700480 D:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2006-10-22 12:22 86016 D:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-10-22 12:22 1622016 D:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] --a------ 2007-10-07 21:18 360448 D:\Program Files\Winamp Remote\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 06:24 286720 D:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScratchAmp] --a------ 2004-11-18 07:51 1363968 D:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd] --a------ 2004-06-10 13:48 286720 D:\WINDOWS\vsnpstd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SparVoip] D:\Program Files\SparVoip\SparVoip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey] D:\WINDOWS\system32\svhost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI] --a------ 2003-03-25 05:49 106544 D:\WINDOWS\system32\tweakui.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster] D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vssms32] D:\WINDOWS\system32\vssms32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2007-10-10 02:28 36352 D:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "odserv"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "WLSetupSvc"=3 (0x3) "MDM"=2 (0x2) "iPod Service"=3 (0x3) "Bonjour Service"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) "digiSPTIService"=3 (0x3) "usnjsvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "AVGEMS"=2 (0x2) "avg8wd"=2 (0x2) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "D:\\Program Files\\BitComet\\BitComet.exe"= "D:\\Program Files\\Soulseek\\slsk.exe"= "D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "D:\\Program Files\\AIM\\aim.exe"= "D:\\Program Files\\eMule\\emule.exe"= "D:\\Program Files\\FTP Commander\\ftpcomm.exe"= "C:\\Program Files\\Neoact\\Carom3D\\update.exe"= "D:\\Program Files\\Messenger\\msmsgs.exe"= "D:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "D:\\Program Files\\DAP\\DAP.exe"= "D:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "D:\\Program Files\\iTunes\\iTunes.exe"= "D:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "D:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "D:\\WINDOWS\\system32\\sessmgr.exe"= "D:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"= "D:\\Program Files\\Steam\\steamapps\\fenix550\\counter-strike\\hl.exe"= "D:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"= "D:\\Program Files\\Bonjour\\mDNSResponder.exe"= "D:\\Program Files\\LowRateVoip\\LowRateVoip.exe"= "D:\\Program Files\\FX Teleport\\Configure.exe"= "D:\\Program Files\\Winamp Remote\\bin\\Orb.exe"= "D:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= "D:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "D:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17781:TCP"= 17781:TCP:BitComet 17781 TCP "17781:UDP"= 17781:UDP:BitComet 17781 UDP "4662:TCP"= 4662:TCP:192.168.0.102 "4672:UDP"= 4672:UDP:192.168.0.102 R0 DigiFilter;DigiFilter;D:\WINDOWS\system32\drivers\DigiFilt.sys [2005-10-25 23:19] R1 Asapi;Asapi;D:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27] R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 13:36] R1 oreans32;oreans32;D:\WINDOWS\system32\drivers\oreans32.sys [2007-05-02 23:00] R1 sp_rsdrv2;Spyware Terminator Driver 2;D:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-05 17:14] R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 13:38] R2 MobiCap;Fix8 Live Cam, WDM Video Capture;D:\WINDOWS\system32\DRIVERS\MobiCap.sys [2007-11-15 11:52] R3 CLEDX;Team H2O CLEDX service;D:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08] R3 MAFW;MAFW;D:\WINDOWS\system32\DRIVERS\mafw.sys [2007-10-24 14:37] S3 fs2_1394;fs2_1394;D:\WINDOWS\system32\Drivers\fs2_1394.sys [2004-11-18 07:51] S3 fs2_avs;fs2_avs;D:\WINDOWS\system32\Drivers\fs2_avs.sys [2004-11-18 07:51] S3 kxwdmdrv;kX WDM Driver Service;D:\WINDOWS\system32\drivers\kx.sys [] S3 SynasUSB;SynasUSB;D:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18:20] S4 avg8wd;AVG8 WatchDog;D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-13 05:25] S4 Viewpoint Manager Service;Viewpoint Manager Service;"D:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 18:38] . Contents of the 'Scheduled Tasks' folder "2008-05-10 00:56:01 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-13 16:16:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... D:\WINDOWS\system32\drivers\downld scan completed successfully hidden files: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe D:\WINDOWS\ehome\ehRecvr.exe D:\WINDOWS\ehome\ehSched.exe D:\WINDOWS\system32\nvsvc32.exe D:\PROGRA~1\SPYWAR~1\sp_rsser.exe D:\WINDOWS\system32\dllhost.exe D:\WINDOWS\system32\wscntfy.exe D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe D:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe . ************************************************************************** . Completion time: 2008-05-13 16:24:42 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-13 19:24:14 Pre-Run: 18,043,408,384 bytes free Post-Run: 16,893,161,472 bytes free 598 --- E O F --- 2008-05-08 05:19:53 Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Maio 16, 2008 D:\Program Files\CamSplitter\camsplitter.exe Reconhece a entrada acima como sendo de algum software de uso seu? caso sim/não comunique para poder proceder de forma correta na análise. Aguardo o retorno. Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Junho 13, 2008 Tópico Arquivado Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites
