tiagoludovice

Help please, I don't know what else to do


Hi,

 

I don't know what happened, but I got some kind of spyware that I can't get rid of. It keeps opening very strange Chinese pop-ups. I blocked some of the sites that open, these ones:

 

265dm.com

21cnyl.com

xpha.com

42.db.la/s.asp

hohomm.com/

 

 

I think it was when I was buying stuff on eBay; I opened a Chinese page of MP3 players.

I did the cleaning with Ad-Aware and it didn't resolve my problem; I don't know what to do.

I hope someone can help me.

Sorry for the English if there are some mistakes; I'm Portuguese.

This is my Ad-Aware log:

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on: Friday, 12 January 2007 17:14:00

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R143 08.01.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):15 total references

Tracking Cookie(TAC index:3):6 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

12-01-2007 17:14:00 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\mar de copias\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\mar de copias\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\office\11.0\powerpoint\recent file list

Description : list of recent files used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 472

ThreadCreationTime : 12-01-2007 9:44:56

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 520

ThreadCreationTime : 12-01-2007 9:44:58

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 544

ThreadCreationTime : 12-01-2007 9:44:59

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 588

ThreadCreationTime : 12-01-2007 9:44:59

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 600

ThreadCreationTime : 12-01-2007 9:44:59

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 748

ThreadCreationTime : 12-01-2007 9:45:02

BasePriority : Normal

 

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 760

ThreadCreationTime : 12-01-2007 9:45:02

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 832

ThreadCreationTime : 12-01-2007 9:45:02

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 952

ThreadCreationTime : 12-01-2007 9:45:02

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 992

ThreadCreationTime : 12-01-2007 9:45:02

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1060

ThreadCreationTime : 12-01-2007 9:45:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1320

ThreadCreationTime : 12-01-2007 9:45:04

BasePriority : Normal

 

 

#:13 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1440

ThreadCreationTime : 12-01-2007 9:45:05

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:14 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1488

ThreadCreationTime : 12-01-2007 9:45:06

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:15 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1744

ThreadCreationTime : 12-01-2007 9:45:10

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:16 [atiptaxx.exe]

FilePath : C:\windows\ATI Technologies\ATI Control Panel\

ProcessID : 1756

ThreadCreationTime : 12-01-2007 9:45:10

BasePriority : Normal

FileVersion : 6.14.10.5071

ProductVersion : 6.14.10.5071

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:17 [dragdiag.exe]

FilePath : C:\Programas\Alcatel\SpeedTouch USB\

ProcessID : 1764

ThreadCreationTime : 12-01-2007 9:45:10

BasePriority : Normal

FileVersion : 200.7.0.0

ProductVersion : 200.7.0.0

ProductName : SpeedTouch USB

CompanyName : THOMSON multimedia

FileDescription : SpeedTouch Statistics

LegalCopyright : Copyright© THOMSON multimedia 1999-2002

 

#:18 [jusched.exe]

FilePath : C:\Programas\Java\jre1.5.0_09\bin\

ProcessID : 1788

ThreadCreationTime : 12-01-2007 9:45:10

BasePriority : Normal

 

 

#:19 [qttask.exe]

FilePath : C:\Programas\QuickTime\

ProcessID : 1820

ThreadCreationTime : 12-01-2007 9:45:11

BasePriority : Normal

FileVersion : 6.4

ProductVersion : QuickTime 6.4

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2003

OriginalFilename : QTTask.exe

 

#:20 [msascui.exe]

FilePath : C:\Programas\Windows Defender\

ProcessID : 1832

ThreadCreationTime : 12-01-2007 9:45:11

BasePriority : Normal

FileVersion : 1.1.1593.0

ProductVersion : 1.1.1593.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Windows Defender User Interface

InternalName : MSASCUI

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MSASCUI.exe

 

#:21 [msnmsgr.exe]

FilePath : C:\Programas\MSN Messenger\

ProcessID : 1840

ThreadCreationTime : 12-01-2007 9:45:11

BasePriority : Normal

FileVersion : 7.5.0311

ProductVersion : 7.5.0311

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright © Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe

 

#:22 [drvmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1852

ThreadCreationTime : 12-01-2007 9:45:11

BasePriority : Normal

FileVersion : 1, 0, 0, 9

ProductVersion : 1, 0, 0, 9

ProductName : Alcor Micro, Corp. Drive Monitor

CompanyName : Alcor Micro, Corp.

FileDescription : Drive Monitor

InternalName : Drive Monitor

LegalCopyright : Copyright c 2003 Alcor Micro, Corp.

OriginalFilename : Monitor.exe

 

#:23 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1868

ThreadCreationTime : 12-01-2007 9:45:11

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:24 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 184

ThreadCreationTime : 12-01-2007 9:45:14

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:25 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 236

ThreadCreationTime : 12-01-2007 9:45:14

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:26 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 276

ThreadCreationTime : 12-01-2007 9:45:15

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:27 [lsass.exe]

FilePath : C:\WINDOWS\system32\com\

ProcessID : 344

ThreadCreationTime : 12-01-2007 9:45:15

BasePriority : Normal

 

 

#:28 [smss.exe]

FilePath : C:\WINDOWS\system32\com\

ProcessID : 300

ThreadCreationTime : 12-01-2007 9:45:16

BasePriority : Normal

FileVersion : 1.00

ProductVersion : 1.00

ProductName : smss

InternalName : smss

OriginalFilename : smss.exe

 

#:29 [winamp.exe]

FilePath : C:\Programas\Winamp\

ProcessID : 2424

ThreadCreationTime : 12-01-2007 10:09:03

BasePriority : Normal

FileVersion : 5.02

ProductVersion : 5.02

ProductName : Winamp

CompanyName : Nullsoft

FileDescription : Winamp

InternalName : WINAMP

LegalCopyright : Copyright © 1997-2004, Nullsoft, Inc.

LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.

OriginalFilename : Winamp.exe

Comments : Visit http://www.winamp.com/ for updates.

 

#:30 [iexplore.exe]

FilePath : C:\Programas\Internet Explorer\

ProcessID : 2660

ThreadCreationTime : 12-01-2007 15:35:28

BasePriority : Normal

FileVersion : 7.00.5450.4 (winmain(wmbla).060623-0309)

ProductVersion : 7.00.5450.4

ProductName : Windows® Internet Explorer

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:31 [msmpeng.exe]

FilePath : C:\Programas\Windows Defender\

ProcessID : 2380

ThreadCreationTime : 12-01-2007 16:20:19

BasePriority : Normal

FileVersion : 1.1.1593.0

ProductVersion : 1.1.1593.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Service Executable

InternalName : MsMpEng.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MsMpEng.exe

 

#:32 [hpqthb08.exe]

FilePath : C:\Programas\Hewlett-Packard\Digital Imaging\bin\

ProcessID : 2276

ThreadCreationTime : 12-01-2007 16:31:55

BasePriority : Normal

FileVersion : 4.2.0.138

ProductVersion : 002.000.000.138

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : HP Photo & Imaging Gallery

InternalName : HPOTHB08

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001

OriginalFilename : HPOTHB08.EXE

Comments : HP Photo & Imaging Gallery

 

#:33 [wisptis.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2356

ThreadCreationTime : 12-01-2007 16:35:38

BasePriority : High

FileVersion : 1.0.2201.0 (xpsp1.020820-1800)

ProductVersion : 1.0.2201.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Microsoft Tablet PC Platform Component

InternalName : WISPTIS.EXE

LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.

OriginalFilename : WISPTIS.EXE

 

#:34 [winword.exe]

FilePath : C:\Program Files\Office\OFFICE11\

ProcessID : 1904

ThreadCreationTime : 12-01-2007 16:50:10

BasePriority : Normal

 

 

#:35 [ad-aware.exe]

FilePath : C:\Programas\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3296

ThreadCreationTime : 12-01-2007 17:11:29

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 15

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 15

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 15

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:11

Value : Cookie:mar de [email protected]/

Expires : 11-01-2009 10:25:00

LastSync : Hits:11

UseCount : 0

Hits : 11

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mar de [email protected]/

Expires : 11-01-2012

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mar de [email protected]/

Expires : 22-06-2009

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:mar de [email protected]/

Expires : 11-01-2012 9:56:40

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:6

Value : Cookie:mar de [email protected]/

Expires : 11-01-2010 10:24:56

LastSync : Hits:6

UseCount : 0

Hits : 6

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:10

Value : Cookie:mar de [email protected]/

Expires : 30-12-2037 16:00:00

LastSync : Hits:10

UseCount : 0

Hits : 10

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 6

Objects found so far: 21

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 21

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

17:40:47 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:26:46.630

Objects scanned:243307

Objects identified:6

Objects ignored:0

New critical objects:6

 

Thanks for your help

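One detail in the process list above is worth a closer look before anything else: smss.exe and lsass.exe each appear twice, once from system32 (#1 and #5) and once from C:\WINDOWS\system32\com\ (#27 and #28), and the two copies under system32\com\ carry either no version resource at all or one with no CompanyName (ProductName "smss", FileVersion "1.00"). Core Windows processes load from %SystemRoot%\system32 and, on a single-session XP machine, run once. The script below is an added example, not part of the original post and not Ad-Aware's own code: it parses Ad-Aware SE's "Listing running processes" format and flags core process names that load from outside system32, appear more than once, or ship a version resource that does not name Microsoft. The embedded sample log is constructed to mirror those entries, and the script assumes %SystemRoot% is C:\WINDOWS, as the \??\C:\WINDOWS\system32\ paths in the log indicate.

```python
"""Flag process-name masquerading in an Ad-Aware SE "Listing running processes" section."""
import re
from collections import Counter

# Constructed sample, not copied verbatim from the page: five entries written in
# Ad-Aware SE's process-list format, mirroring the legitimate smss.exe/lsass.exe
# entries in system32 and the two extra copies reported under system32\com\.
SAMPLE_LOG = r"""
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 472
BasePriority : Normal

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 600
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
CompanyName : Microsoft Corporation
OriginalFilename : lsass.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
CompanyName : Microsoft Corporation

#:27 [lsass.exe]
FilePath : C:\WINDOWS\system32\com\
ProcessID : 344
BasePriority : Normal

#:28 [smss.exe]
FilePath : C:\WINDOWS\system32\com\
ProcessID : 300
FileVersion : 1.00
ProductName : smss
OriginalFilename : smss.exe
"""

# Assumption: %SystemRoot% is C:\WINDOWS, as the \??\C:\WINDOWS\system32\ paths in the log show.
SYSTEM_ROOT = "c:\\windows"
SYSTEM32 = SYSTEM_ROOT + "\\system32\\"

# Core processes that load only from system32 and, on a single-session XP box, run exactly once.
CORE_SINGLE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}
# Names that always live in system32 but may legitimately run several instances.
SYSTEM32_ONLY = CORE_SINGLE | {"svchost.exe", "spoolsv.exe"}
VERSION_FIELDS = ("FileVersion", "ProductVersion", "ProductName", "CompanyName", "OriginalFilename")

ENTRY_RE = re.compile(r"^#:(\d+) \[(.+?)\]\s*$")
FIELD_RE = re.compile(r"^(\w+)\s*:\s*(.*?)\s*$")


def parse_process_list(text):
    """Return one dict per '#:N [name]' entry, carrying its 'Key : value' fields."""
    entries, current = [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            current = {"index": int(m.group(1)), "name": m.group(2).lower()}
            entries.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return entries


def normalize_path(path):
    """Lower-case, strip the \\??\\ object-manager prefix, expand \\SystemRoot, add a trailing slash."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    return p if p.endswith("\\") else p + "\\"


def find_masquerades(entries):
    """Return (index, name, path, reason) for entries that look like masquerading system processes."""
    findings, seen = [], Counter()
    for e in entries:
        name, path = e["name"], normalize_path(e.get("FilePath", ""))
        if name in SYSTEM32_ONLY and path != SYSTEM32:
            findings.append((e["index"], name, path, "system process name loaded from outside system32"))
        if name in CORE_SINGLE:
            seen[name] += 1
            if seen[name] > 1:
                findings.append((e["index"], name, path, "second instance of a single-instance process"))
        # Ad-Aware prints no version block for some protected processes (the real smss.exe
        # above, for one), so only judge the version resource when one is present.
        has_version = any(f in e for f in VERSION_FIELDS)
        if name in SYSTEM32_ONLY and has_version and "microsoft" not in e.get("CompanyName", "").lower():
            findings.append((e["index"], name, path, "version resource does not name Microsoft"))
    return findings


if __name__ == "__main__":
    for index, name, path, reason in find_masquerades(parse_process_list(SAMPLE_LOG)):
        print(f"#:{index} {name} in {path}: {reason}")
```

Run against the constructed sample, the script reports nothing for #1, #5 and #7 and five findings for #27 and #28 (wrong directory for both, a second instance for both, and a non-Microsoft version resource for the smss.exe copy). The path check is the load-bearing one: the absent version block on #1 is how Ad-Aware reports the real, protected smss.exe, so a rule keyed only on missing metadata would produce a false positive there.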

Sorry, I forgot the HijackThis log.

 

So this is my new Ad-Aware log and my HijackThis log; thanks a lot for your help.

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on: Tuesday, 16 January 2007 10:57:44

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R144 15.01.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):15 total references

Tracking Cookie(TAC index:3):13 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

16-01-2007 10:57:44 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\mar de copias\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\mar de copias\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\office\11.0\powerpoint\recent file list

Description : list of recent files used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1280042623-4220892230-1406903070-1005\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 472

ThreadCreationTime : 16-01-2007 9:41:00

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 520

ThreadCreationTime : 16-01-2007 9:41:02

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 544

ThreadCreationTime : 16-01-2007 9:41:03

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 588

ThreadCreationTime : 16-01-2007 9:41:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 600

ThreadCreationTime : 16-01-2007 9:41:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 752

ThreadCreationTime : 16-01-2007 9:41:06

BasePriority : Normal

 

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 764

ThreadCreationTime : 16-01-2007 9:41:06

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 824

ThreadCreationTime : 16-01-2007 9:41:06

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [msmpeng.exe]

FilePath : C:\Programas\Windows Defender\

ProcessID : 904

ThreadCreationTime : 16-01-2007 9:41:06

BasePriority : Normal

FileVersion : 1.1.1593.0

ProductVersion : 1.1.1593.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Service Executable

InternalName : MsMpEng.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MsMpEng.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 944

ThreadCreationTime : 16-01-2007 9:41:06

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 980

ThreadCreationTime : 16-01-2007 9:41:07

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1140

ThreadCreationTime : 16-01-2007 9:41:07

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:13 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1300

ThreadCreationTime : 16-01-2007 9:41:08

BasePriority : Normal

 

 

#:14 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1436

ThreadCreationTime : 16-01-2007 9:41:09

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:15 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1496

ThreadCreationTime : 16-01-2007 9:41:10

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Explorador do Windows

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : EXPLORER.EXE

 

#:16 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1748

ThreadCreationTime : 16-01-2007 9:41:14

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Executar uma DLL como uma aplicação

InternalName : rundll

LegalCopyright : © Microsoft Corporation. Todos os direitos reservados.

OriginalFilename : RUNDLL.EXE

 

#:17 [atiptaxx.exe]

FilePath : C:\windows\ATI Technologies\ATI Control Panel\

ProcessID : 1756

ThreadCreationTime : 16-01-2007 9:41:14

BasePriority : Normal

FileVersion : 6.14.10.5071

ProductVersion : 6.14.10.5071

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:18 [dragdiag.exe]

FilePath : C:\Programas\Alcatel\SpeedTouch USB\

ProcessID : 1764

ThreadCreationTime : 16-01-2007 9:41:14

BasePriority : Normal

FileVersion : 200.7.0.0

ProductVersion : 200.7.0.0

ProductName : SpeedTouch USB

CompanyName : THOMSON multimedia

FileDescription : SpeedTouch Statistics

LegalCopyright : Copyright© THOMSON multimedia 1999-2002

 

#:19 [jusched.exe]

FilePath : C:\Programas\Java\jre1.5.0_09\bin\

ProcessID : 1796

ThreadCreationTime : 16-01-2007 9:41:14

BasePriority : Normal

 

 

#:20 [qttask.exe]

FilePath : C:\Programas\QuickTime\

ProcessID : 1804

ThreadCreationTime : 16-01-2007 9:41:14

BasePriority : Normal

FileVersion : 6.4

ProductVersion : QuickTime 6.4

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2003

OriginalFilename : QTTask.exe

 

#:21 [msascui.exe]

FilePath : C:\Programas\Windows Defender\

ProcessID : 1828

ThreadCreationTime : 16-01-2007 9:41:15

BasePriority : Normal

FileVersion : 1.1.1593.0

ProductVersion : 1.1.1593.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Windows Defender User Interface

InternalName : MSASCUI

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MSASCUI.exe

 

#:22 [msnmsgr.exe]

FilePath : C:\Programas\MSN Messenger\

ProcessID : 1840

ThreadCreationTime : 16-01-2007 9:41:15

BasePriority : Normal

FileVersion : 7.5.0311

ProductVersion : 7.5.0311

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright © Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe

 

#:23 [drvmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1860

ThreadCreationTime : 16-01-2007 9:41:15

BasePriority : Normal

FileVersion : 1, 0, 0, 9

ProductVersion : 1, 0, 0, 9

ProductName : Alcor Micro, Corp. Drive Monitor

CompanyName : Alcor Micro, Corp.

FileDescription : Drive Monitor

InternalName : Drive Monitor

LegalCopyright : Copyright c 2003 Alcor Micro, Corp.

OriginalFilename : Monitor.exe

 

#:24 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1872

ThreadCreationTime : 16-01-2007 9:41:15

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:25 [lsass.exe]

FilePath : C:\WINDOWS\system32\com\

ProcessID : 164

ThreadCreationTime : 16-01-2007 9:41:18

BasePriority : Normal

 

 

#:26 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 196

ThreadCreationTime : 16-01-2007 9:41:18

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:27 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 252

ThreadCreationTime : 16-01-2007 9:41:19

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:28 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 356

ThreadCreationTime : 16-01-2007 9:41:19

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:29 [smss.exe]

FilePath : C:\WINDOWS\system32\com\

ProcessID : 880

ThreadCreationTime : 16-01-2007 9:41:22

BasePriority : Normal

FileVersion : 1.00

ProductVersion : 1.00

ProductName : smss

InternalName : smss

OriginalFilename : smss.exe

 

#:30 [iexplore.exe]

FilePath : C:\Programas\Internet Explorer\

ProcessID : 2508

ThreadCreationTime : 16-01-2007 10:54:27

BasePriority : Normal

FileVersion : 7.00.5450.4 (winmain(wmbla).060623-0309)

ProductVersion : 7.00.5450.4

ProductName : Windows® Internet Explorer

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:31 [ad-aware.exe]

FilePath : C:\Programas\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3216

ThreadCreationTime : 16-01-2007 10:55:16

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 15

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 15

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 15

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:8

Value : Cookie:mar de [email protected]/

Expires : 11-01-2009 21:26:34

LastSync : Hits:8

UseCount : 0

Hits : 8

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mar de [email protected]/

Expires : 13-01-2007 18:12:26

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:9

Value : Cookie:mar de [email protected]/

Expires : 12-01-2012

LastSync : Hits:9

UseCount : 0

Hits : 9

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:4

Value : Cookie:mar de [email protected]/

Expires : 12-01-2012 15:01:06

LastSync : Hits:4

UseCount : 0

Hits : 4

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mar de [email protected]/

Expires : 22-06-2009

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:25

Value : Cookie:mar de [email protected]/

Expires : 12-01-2012 17:36:34

LastSync : Hits:25

UseCount : 0

Hits : 25

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:17

Value : Cookie:mar de [email protected]/

Expires : 11-01-2010 21:24:56

LastSync : Hits:17

UseCount : 0

Hits : 17

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:mar de [email protected]/

Expires : 12-01-2017 15:02:28

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:mar de [email protected]/

Expires : 12-01-2009 17:09:36

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:mar de [email protected]/

Expires : 10-01-2029

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected]adbureau[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mar de [email protected]/

Expires : 28-02-2008

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mar de [email protected]/

Expires : 13-01-2017 10:48:56

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:23

Value : Cookie:mar de [email protected]/

Expires : 30-12-2037 16:00:00

LastSync : Hits:23

UseCount : 0

Hits : 23

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 13

Objects found so far: 28

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 28

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 28

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 28

 

11:21:47 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:24:03.95

Objects scanned:245965

Objects identified:13

Objects ignored:0

New critical objects:13

 

Hijackthis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:37:46, on 16-01-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5450.0004)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\windows\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Programas\Java\jre1.5.0_09\bin\jusched.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\DrvMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\com\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\com\smss.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Program Files\Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\mar de copias\Os meus documentos\downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ATIPTA] C:\windows\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - Startup: ~(2).pif = ?

O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Office\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Office\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.citydesk.pt

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{75FA91C8-1BB4-4181-ACF4-E4810D9894B1}: NameServer = 195.23.129.126 194.79.69.222

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

 

 

Thanks for your help


Hi, tiagoludovice

 

 

Download The Avenger Copyright © Swandog46

You must extract avenger.exe to your desktop, before you run it.

 

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

 

 

Copy all the text contained in the code box below to your Clipboard.

NOTE: don't copy the word quote

 

Files to delete:

C:\WINDOWS\system32\com\lsass.exe

C:\WINDOWS\system32\com\smss.exe

 

The above script is for this user only, if you need help please start your own thread.

 

Start the Avenger.

Under "Script file to execute" choose "Input Script Manually".

Click on the Magnifying Glass icon which will open a new window titled "View/edit script".

Paste the entire text into this window.

Click Done, then click on the Green Light.

Answer "Yes" twice when prompted.

Your computer should reboot and briefly open a black command window on your desktop; this is normal.

 

After the restart, it will create a log file that should open.

This log file will be located at C:\avenger.txt

 

Paste the contents of C:\avenger.txt into your reply along with a fresh HijackThis! log.

 

Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.

 

 

================

 

Please download ComboFix and save it to your desktop.

 

Double click combofix.exe and follow the prompts.

 

When it's done running it will produce a log for you. Please post that log in your next reply.

 

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

Gogo ;)


Thanks for your help,

I did all the procedures and these are the 3 logs from HijackThis, Avenger and ComboFix.

 

HIJACKTHIS:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:48:47, on 17-01-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5450.0004)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\windows\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Programas\Java\jre1.5.0_09\bin\jusched.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\DrvMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\com\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\com\smss.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\mar de copias\Ambiente de trabalho\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ATIPTA] C:\windows\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - Startup: ~(2).pif = ?

O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Office\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Office\OFFICE11\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.citydesk.pt

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{75FA91C8-1BB4-4181-ACF4-E4810D9894B1}: NameServer = 195.23.129.126 194.79.69.222

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

 

 

AVENGER:

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\slvcevpi

 

*******************

 

Script file located at: \??\C:\WINDOWS\system32\vhbqmvxl.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\com\lsass.exe deleted successfully.

File C:\WINDOWS\system32\com\smss.exe deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

COMBOFIX

 

 

"mar de copias" - 07-01-17 15:33:51 Service Pack 2

ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\mar de copias\Ambiente de trabalho"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

c:\pagefile.pif

C:\autorun.inf

C:\pagefile.pif

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))

 

 

2007-01-17 15:32 <DIR> d-------- C:\avenger

2007-01-11 18:41 <DIR> d-------- C:\Programas\Lavasoft

2007-01-11 18:41 <DIR> d-------- C:\DOCUME~1\MARDEC~1\Application Data\Lavasoft

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-01-16 19:39 -------- d-------- C:\DOCUME~1\MARDEC~1\Application Data\u3

2007-01-11 19:06 -------- d-a------ C:\Programas\common files

2006-12-30 17:40 -------- d---s---- C:\DOCUME~1\MARDEC~1\Application Data\microsoft

2006-12-26 19:26 -------- d-------- C:\Programas\pop art studio

2006-12-12 18:27 -------- d-------- C:\DOCUME~1\MARDEC~1\Application Data\adobeum

2006-12-07 06:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll

2006-12-06 21:56 -------- d-------- C:\Programas\windows defender

2006-12-06 09:31 -------- d-------- C:\Programas\google

2006-12-05 21:48 -------- d-------- C:\DOCUME~1\MARDEC~1\Application Data\skype

2006-12-05 13:45 -------- d-------- C:\Programas\skype

2006-12-04 17:20 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys

2006-11-24 18:38 -------- d-------- C:\Programas\quicktime

2006-11-17 11:04 -------- d-------- C:\DOCUME~1\MARDEC~1\Application Data\ksol

2006-11-08 05:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-10-20 01:37 715264 --a------ C:\WINDOWS\system32\sxs.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"msnmsgr"="\"C:\\Programas\\MSN Messenger\\msnmsgr.exe\" /background"

"DrvMon.exe"="C:\\WINDOWS\\system32\\DrvMon.exe"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"updateMgr"="\"C:\\Programas\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"ATIPTA"="C:\\windows\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"SpeedTouch USB Diagnostics"="\"C:\\Programas\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"

"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"SunJavaUpdateSched"="\"C:\\Programas\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"QuickTime Task"="\"C:\\Programas\\QuickTime\\qttask.exe\" -atboottime"

"Windows Defender"="\"C:\\Programas\\Windows Defender\\MSASCui.exe\" -hide"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Arranque\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~4.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^GStartup.lnk]

"path"="C:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Arranque\\GStartup.lnk"

"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\FICHEI~1\\GMT\\GMT.exe /startup"

"item"="GStartup"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="points manager"

"hkey"="HKLM"

"command"="c:\\program files\\altnet\\points manager\\points manager.exe -s"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Virus Update Scheduler V1.39.12R]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winxp"

"hkey"="HKLM"

"command"="C:\\winxp.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmrss]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="cmrss"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\cmrss.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="InstaFinderK_inst"

"hkey"="HKLM"

"command"="C:\\Programas\\INSTAFINK\\InstaFinderK_inst.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="INSTAN~1"

"hkey"="HKLM"

"command"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE /h"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="kazaa"

"hkey"="HKLM"

"command"="C:\\Programas\\Kazaa\\kazaa.exe /SYSTRAY"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="dumprep 0 -k"

"hkey"="HKLM"

"command"="%systemroot%\\system32\\dumprep 0 -k"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="lxbkbmgr"

"hkey"="HKLM"

"command"="\"C:\\Programas\\Lexmark X1100 Series\\lxbkbmgr.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MsgPlus"

"hkey"="HKLM"

"command"="\"C:\\Programas\\Messenger Plus! 2\\MsgPlus.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WkUFind"

"hkey"="HKLM"

"command"="C:\\Programas\\Ficheiros comuns\\Microsoft Shared\\Works Shared\\WkUFind.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="P2P Networking"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe /AUTOSTART"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Programas\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="REGIST~1"

"hkey"="HKLM"

"command"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAPO Messenger]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="sapoim"

"hkey"="HKCU"

"command"="\"C:\\Programas\\SAPO Messenger\\sapoim.exe\" /silent"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hpgs2wnd"

"hkey"="HKLM"

"command"="C:\\Programas\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Programas\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msbcs"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\msbcs.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="realsched"

"hkey"="HKLM"

"command"="\"C:\\Programas\\Ficheiros comuns\\Real\\Update_OB\\realsched.exe\" -osboot"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeUpdateManager"

"hkey"="HKCU"

"command"="C:\\Programas\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WinStat"

"hkey"="HKLM"

"command"="C:\\Program Files\\Windows AdStatus\\WinStat.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="\"C:\\PROGRA~1\\FICHEI~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="\"C:\\PROGRA~1\\FICHEI~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

bthsvcs REG_MULTI_SZ BthServ\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]

Shell\AutoRun\command F:\LaunchU3.exe -a

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0089ae4c-6011-11da-9347-0090d077dfad}]

Shell\AutoRun\command E:\JDSecure\Windows\JDSecure20.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11f18716-8a91-11db-9525-0090d077dfad}]

Shell\Auto\command pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28f26482-a223-11db-9542-0090d077dfad}]

Shell\Auto\command E:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d445208-a2c8-11da-93b5-0090d077dfad}]

Shell\AutoRun\command J:\loader.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f37b2e3-a49f-11db-9546-0090d077dfad}]

Shell\Auto\command E:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{319ecd10-eef5-11da-9431-0090d077dfad}]

shell\play\Command "C:\Programas\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b8d2c83-2078-11db-947f-0090d077dfad}]

Shell\Auto\command F:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de8ae5f-5605-11db-94d0-0090d077dfad}]

Shell\AutoRun\command F:\LaunchU3.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d9b7007-efd8-11da-9434-0090d077dfad}]

Shell\Auto\command E:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{538b61e0-a60f-11db-9548-0090d077dfad}]

Shell\Auto\command E:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5736f310-b7c7-11d9-9226-0090d077dfad}]

Shell\AutoRun\command .\MigWiz\migsetup.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b5eeac8-a554-11db-9547-0090d077dfad}]

Shell\AutoRun\command F:\LaunchU3.exe -a

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b5eeac9-a554-11db-9547-0090d077dfad}]

Shell\Auto\command K:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96681d80-a471-11db-9545-0090d077dfad}]

Shell\Auto\command E:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7c5e90-808c-11db-9517-0090d077dfad}]

Shell\AutoRun\command E:\setupSNK.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a605e590-11f2-11d9-9127-0090d077dfad}]

Shell\Auto\command pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7919426-805a-11db-9516-0090d077dfad}]

Shell\Auto\command E:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c79b1382-83c1-11db-951b-0090d077dfad}]

Shell\Auto\command E:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d55ccad5-7bab-11db-950f-0090d077dfad}]

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4689ee4-5843-11db-94d3-0090d077dfad}]

Shell\Auto\command E:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6a66340-dc2f-11da-9413-0090d077dfad}]

Shell\Auto\command E:\pagefile.pif

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8b43331-86aa-11db-9521-0090d077dfad}]

Shell\AutoRun\command K:\LaunchU3.exe

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\MP Scheduled Scan.job

 

Completion time: 07-01-17 15:43:08

 

 

Thanks again for your support


Hi, tiagoludovice

 

Ok, let's try this now; it's the first time I'm using it this way.

 

Download this file - combofix.exe

 

and save it to your desktop. Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

 

"%userprofile%\desktop\combofix.exe" /wow

 

 

Boot into safe mode by tapping the F8 key just before Windows starts to load.

 

Go to Start --> Run and copy/paste in the following:

 

 

"%userprofile%\desktop\combofix.exe" /wow

 

 

When finished, it shall produce a log for you. Save it and post that log in your next reply.

 

Note:

 

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

==========

 

Then come back here with a new HijackThis logfile and also the ComboFix log.

 

 

Gogo :D
