[Resolvido!] run dll bkoeqewn e vmkqyykn.dll

rodolfo josé · Julho 24, 2008

galera é o seguinte...

eu nao sei muita coisa sobre computaçao pq estou entrando agora nesse ramo agora, de uns tempos pra ca meu pc quando

eu inicio aparece duas janelas escritas rundll e escrito erro ao carregar c:windows/system32/bkoeqewn.dll nao foi possivel

encontrar o modulo especificado e abre outra ao msm tempo escrita a msm coisa só q outra dll q é a vmkqyykn!!!!

jah tentei encontrar essas dlls em alguns sites,+ nao encontrei nenhuma das duas!!!!!!!!!!

isto esta me encomodando muito pq de vez enquendo o pc fica meio lento!!!!

e estou aq pedindo um auxilio e suas experiências para poder m ajudar!!!!!

muito obrigado pela atenção de vcs!!!!!!

Boa noite! :unsure:

DigRam · Julho 24, 2008

Bom Dia! rodolfo josé

>@< Faça o download do HijackThis.

>@< Baixe-o para o Disco Local-C e estabeleça uma pasta própria para o programa.

>@< Temos como exemplo: < C:\HijackThis.exe > ou < C:\HijackThis\HijackThis.exe >

>@< Mas,não execute-o ainda!

>@< Para que o Log do HijackThis saia completo,vá em Iniciar >> Executar.

>@< Digite: msconfig >> Ok.

>@< Na janela que abrir,marque: Inicialização normal - Carregar todos os drivers de dispositivo e serviços

>@< Clique em Aplicar >> Ok.

>@< Reinicie o computador!

>@< Abra o HijackThis e clique em Do a system scan and save a logfile.

>@< Abrir-se-á um Bloco de Notas!

>@< Selecione e copie o seu conteúdo para este Tópico. Não crie outro!

Abraços!

rodolfo josé · Julho 24, 2008

Fala ai amigo!!!fiz tudo oq você mandou!!!esta ai oq estava no bloco de notas!!!!

Logfile of HijackThis v1.99.1

Scan saved at 11:28:57, on 24/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\Explorer.EXE

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: NavigationEnhancer - {391C0909-C026-3B63-FFDB-93FFF4E81675} - C:\Arquivos de programas\NavigationEnhancer\NavigationEnhancer-2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: (no name) - {A75BF87F-A88D-4EF7-9943-D64F79B26AF2} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Arquivos de programas\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [bMb7ac8549] Rundll32.exe "C:\WINDOWS\system32\bkoeqewn.dll",s

O4 - HKLM\..\Run: [b49fb6d5] rundll32.exe "C:\WINDOWS\system32\vmkqyykn.dll",b

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [uniblue SpeedUpMyPC] C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe" -m

O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0080E1A5-CDAA-48EA-B0A1-8D4AB113D283}: NameServer = 200.152.50.4 200.152.58.9

O17 - HKLM\System\CS1\Services\Tcpip\..\{0080E1A5-CDAA-48EA-B0A1-8D4AB113D283}: NameServer = 200.152.50.4 200.152.58.9

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: awtqpQIB - awtqpQIB.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

espero q consiga me ajudar!!!!!abraços!!!!!!e um bom dia!!!!!! :thumbsup:

DigRam · Julho 24, 2008

Bom Dia! rodolfo josé

<@> Faça o download do ComboFix.

<@> Baixe-o para o Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e Firewall.

<@> Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix em Modo de Segurança.

<@> Abrirá a janela Auto Scan. Aguarde!

<@> Digite a opção para continuar e < Enter >

<@> Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

<@> Para parar ou sair do ComboFix,tecle "N".

-------------------------

<@> Poste os relatórios: C:\ComboFix.txt + Log do HJT,atualizado.

Abraços!

rodolfo josé · Julho 24, 2008

ai kra fiz tudo q você pediu!!!o do combofix ta ai:

ComboFix 08-07-23.4 - Administrador 2008-07-24 12:55:33.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1485 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Documents and Settings\Administrador\Meus documentos\jogos online\click-xiters\click-xiters\CCA1.4\CCA1.4\_desktop.ini

C:\Documents and Settings\Administrador\Meus documentos\jogos online\click-xiters\click-xiters\CCA1.4\CCA1.4\CCARoute\_desktop.ini

C:\Documents and Settings\Administrador\Meus documentos\jogos online\click-xiters\click-xiters\CCA1.4\CCA1.4\Config\_desktop.ini

C:\Documents and Settings\Administrador\Meus documentos\jogos online\click-xiters\click-xiters\CCA1.4\CCA1.4\Config\Ping\_desktop.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\CLkRuBeg.ini

C:\WINDOWS\system32\CLkRuBeg.ini2

C:\WINDOWS\system32\nkyyqkmv.ini

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))

.

2008-07-24 11:17 . 2008-07-24 11:28 <DIR> d-------- C:\hijackthis

2008-07-24 11:03 . 2008-07-24 11:03 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Iniciar

2008-07-24 00:39 . 2008-07-24 00:58 <DIR> d-------- C:\Arquivos de programas\RegCure

2008-07-23 20:29 . 2008-07-23 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Uniblue

2008-07-23 14:03 . 2008-07-23 20:29 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Uniblue

2008-07-23 14:03 . 2008-07-23 20:28 <DIR> d-------- C:\Arquivos de programas\Uniblue

2008-07-20 18:27 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-07-20 18:27 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-07-20 18:27 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-07-20 18:27 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-07-20 18:27 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-07-20 18:27 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-07-20 18:27 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-07-20 18:27 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-07-19 20:04 . 2008-07-19 20:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-19 20:04 . 2008-07-19 20:04 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-10 20:50 . 2008-07-21 17:58 <DIR> d-------- C:\Arquivos de programas\WinAVI Video Converter

2008-07-10 20:50 . 2008-07-10 20:50 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys

2008-07-06 01:39 . 2008-07-06 01:46 <DIR> d-------- C:\Arquivos de programas\AIMP2

2008-07-06 01:32 . 2000-05-22 17:58 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-07-06 01:32 . 2005-01-13 16:28 6,832 --a------ C:\WINDOWS\system32\PulseSoundTouchForVB.tlb

2008-07-03 10:20 . 2008-07-03 10:20 <DIR> d-------- C:\Arquivos de programas\WinAVI MP4 Converter

2008-07-02 23:45 . 2008-07-02 23:46 <DIR> d-------- C:\Arquivos de programas\GermaniX Transcoder

2008-07-02 23:41 . 2008-07-03 10:17 <DIR> d-------- C:\Arquivos de programas\Astonsoft

2008-06-26 22:21 . 2008-06-26 22:21 <DIR> d-------- C:\Arquivos de programas\Activision Value

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-24 14:27 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Hamachi

2008-07-24 14:27 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\BrOffice.org2

2008-07-24 14:13 --------- d-----w C:\Arquivos de programas\NavigationEnhancer

2008-07-23 21:32 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-07-23 19:02 --------- d-----w C:\Arquivos de programas\Google

2008-07-23 05:02 --------- d-----w C:\Arquivos de programas\Java

2008-07-23 05:00 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-23 05:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-07-23 05:00 --------- d-----w C:\Arquivos de programas\CyberLink

2008-07-23 05:00 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-23 04:58 87,608 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe

2008-07-23 04:58 47,360 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys

2008-07-23 04:58 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Vso

2008-07-23 04:58 --------- d-----w C:\Arquivos de programas\DVDFab Gold 4

2008-07-20 22:44 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2008-07-18 00:45 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-07-04 01:36 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-04 01:36 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-04 01:36 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-06-29 14:44 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\MegauploadToolbar

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-07 02:14 --------- d-----w C:\Arquivos de programas\LimeWire

2008-06-03 22:39 --------- d-----w C:\Arquivos de programas\Native Instruments

2008-05-31 02:06 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AVGTOOLBAR

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-25 20:38 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll

2008-04-07 01:18 22,328 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 16:19 5728112]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-08-16 08:24 167368]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 17:33 68856]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

"Uniblue RegistryBooster 2"="C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-03 15:09 1923352]

"Uniblue SpeedUpMyPC"="C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 09:50 9442584]

"Uniblue SpyEraser"="C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 19:03 8429568]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-10 19:03 81920]

"SMSERIAL"="C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 17:22 638976]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34 49152]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"RemoteControl8"="C:\Arquivos de programas\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]

"PDVD8LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]

"BDRegion"="C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe" [2008-03-21 10:21 91432]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-03 22:36 1232152]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-05-15 00:48 185896]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"SkyTel"="SkyTel.EXE" [2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 00:12 16062464 C:\WINDOWS\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2007-05-10 19:03 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

BrOffice.org 2.2.lnk - C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe [2007-03-31 09:58:36 393216]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2008-03-14 21:00:30 597544]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 20:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Games\\Counter-Strike Source\\hl2.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Valve\\hlds.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"C:\\Arquivos de programas\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=

"C:\\Arquivos de programas\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 22:36]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Arquivos de programas\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-07-03 22:36]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 22:36]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 22:36]

S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys []

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []

S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15059a26-9cb9-11dc-a0a0-001bfc6c655b}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{402b62ca-c122-11dc-a125-001bfc6c655b}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdd36f7e-317d-11dd-a26d-001bfc6c655b}]

\Shell\AutoRun\command - wscript.exe .\.vbs

\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdd3fbc8-c06a-11dc-a124-001bfc6c655b}]

\Shell\AutoRun\command - SVCH0ST.EXE

\Shell\explore\Command - SVCH0ST.EXE

\Shell\open\Command - SVCH0ST.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be1ac560-9c04-11dc-a09c-001bfc6c655b}]

\Shell\AutoRun\command - uidxnpxv.exe

\Shell\explore\Command - uidxnpxv.exe

\Shell\open\Command - uidxnpxv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd910c6a-e28c-11dc-a195-001bfc6c655b}]

\Shell\AutoRun\command - SVCH0ST.EXE

\Shell\explore\Command - SVCH0ST.EXE

\Shell\open\Command - SVCH0ST.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dea9ba92-47ad-11dd-a292-001bfc6c655b}]

\Shell\AutoRun\command - WScript.exe .\`.vbs

\Shell\open\Command - WScript.exe .\`.vbs

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-07-24 16:05:15 C:\WINDOWS\Tasks\RegCure Program Check.job"

- C:\Arquivos de programas\RegCure\RegCure.exe

"2008-07-24 06:24:41 C:\WINDOWS\Tasks\RegCure.job"

- C:\Arquivos de programas\RegCure\RegCure.exe

"2008-07-23 17:51:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-07-23 17:51:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-07-23 23:33:57 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"

- C:\Arquivos de programas\Uniblue\SpyEraser\SpyEraser.exe

.

- - - - ORFAOS REMOVIDOS - - - -

BHO-{A75BF87F-A88D-4EF7-9943-D64F79B26AF2} - (no file)

HKLM-Run-BMb7ac8549 - C:\WINDOWS\system32\bkoeqewn.dll

HKLM-Run-b49fb6d5 - C:\WINDOWS\system32\vmkqyykn.dll

Notify-awtqpQIB - awtqpQIB.dll

.

------- Ccan Suplementar -------

.

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: Add to AMV Converter...

O8 -: MediaManager tool grab multimedia file

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-24 12:59:44

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\C:\Arquivos de programas\CyberLink\PowerDVD8\000.fcl"

.

------------------------ Outros Processos em Execu‡Æo ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-07-24 13:06:02 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-07-24 16:05:57

Pre-Run: 14 pasta(s) 76,218,302,464 bytes disponíveis

Post-Run: 18 pasta(s) 76,299,440,128 bytes dispon¡veis

248 --- E O F --- 2008-07-10 03:57:14

e agora o do hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 13:11:30, on 24/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE