Help on Removing Trojan-Clicker.Win32.Delf.hi


  • This topic is locked
8 replies to this topic

#1 gazorninflex

gazorninflex

    Member

  • Full Member
  • 4 posts

Posted 25 May 2007 - 08:33 AM

Nod32 is pointing this:

Time Module Object Name Threat Action User Information
29/5/2007 14:16:03 AMON file C:\WINDOWS\system32\lddfldd.dll Win32/TrojanClicker.Delf.NAO trojan AUTORIDADE NT\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.



And this is the hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 14:01:52, on 29/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\The KMPlayer\KMPlayer.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A7ABD98A-C60B-4148-8B15-F7CF86D1F3C5} - c:\windows\system32\lddfldd.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [StartCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkramjwh - C:\WINDOWS\SYSTEM32\lddfldd.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Edited by gazorninflex, 29 May 2007 - 12:17 PM.


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 28 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 01 June 2007 - 02:27 AM

Hi gazorninflex,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here's what we do first.

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please reboot your computer normally into Windows, and then please post the ComboFix log and a new HijackThis log.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#4 gazorninflex

gazorninflex

    Member

  • Full Member
  • 4 posts

Posted 01 June 2007 - 07:34 PM

From what I've seen... it found the lddfldd.dll.bak one (and failed to delete it), but didn't find the "original" one (lddfldd.dll).
Well... I'll let you see if you can help me.

"Jorge" - 2007-06-01 21:27:03 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Arquivos de programas\Mozilla Firefox\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\update7.exe"
"C:\WINDOWS\system32\drivers\opjckzwh.sys"
"C:\WINDOWS\system32\lddfldd.dll.bak" . . . . failed to delete


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ECWVFLEY
-------\LEGACY_NLMRPUPY
-------\ecwvfley
-------\nlmrpupy


((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))


2007-06-01 21:06 434,688 --a------ C:\WINDOWS\system32\ss2uinst.exe
2007-06-01 21:06 <DIR> d-------- C:\Arquivos de programas\VHCleaner
2007-05-31 15:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Raxco
2007-05-31 15:10 <DIR> d-------- C:\Arquivos de programas\Raxco
2007-05-31 15:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Raxco
2007-05-31 13:16 1,188 --a------ C:\WINDOWS\mozver.dat
2007-05-30 14:43 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-30 14:36 <DIR> d-------- C:\Arquivos de programas\Azureus
2007-05-30 14:19 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Azureus
2007-05-30 14:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Azureus
2007-05-29 18:51 <DIR> d-------- C:\Arquivos de programas\Hamachi
2007-05-29 16:46 <DIR> d-------- C:\avenger
2007-05-29 14:01 <DIR> d-------- C:\HiJackThis
2007-05-28 11:28 <DIR> d-------- C:\WINDOWS\ShellNew
2007-05-27 13:22 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-27 13:14 <DIR> d-------- C:\Arquivos de programas\Atari
2007-05-27 00:02 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-27 00:02 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Hamachi
2007-05-26 23:40 <DIR> d-------- C:\Arquivos de programas\EA GAMES
2007-05-26 12:59 750,592 --a------ C:\WINDOWS\system32\wzvhhome.dll
2007-05-26 12:56 95,232 --a------ C:\WINDOWS\system32\iexuwvzu.dll
2007-05-26 12:56 39,936 --a------ C:\WINDOWS\system32\tnqfpnbo.dll
2007-05-26 12:56 122,368 --a------ C:\WINDOWS\system32\xzraiphq.dll
2007-05-25 19:19 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-05-25 19:09 84,243 --a------ C:\WINDOWS\War3Unin.dat
2007-05-25 19:09 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-05-25 19:03 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-05-25 19:03 299,392 --a------ C:\WINDOWS\system32\imon.dll
2007-05-25 19:03 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-05-25 09:37 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-05-25 09:37 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-05-25 09:37 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Simply Super Software
2007-05-25 09:35 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\TrojanHunter
2007-05-25 09:29 <DIR> d-------- C:\Arquivos de programas\TrojanHunter 4.6
2007-05-25 09:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-25 07:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab
2007-05-24 12:06 684,567 --a------ C:\WINDOWS\system32\libeay32.dll
2007-05-24 12:06 147,729 --a------ C:\WINDOWS\system32\libssl32.dll
2007-05-23 18:50 <DIR> d-------- C:\Arquivos de programas\Rockstar Games
2007-05-23 11:22 64,512 --a------ C:\WINDOWS\system32\daglqkoe.exe
2007-05-23 11:22 17,408 --a------ C:\WINDOWS\system32\precaaaa.exe
2007-05-23 10:41 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-05-23 10:41 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-05-23 10:41 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-05-23 10:41 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-05-23 10:39 51,088 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-05-23 10:39 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-05-23 10:38 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-23 10:37 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-05-23 10:37 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-05-23 10:37 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-05-23 10:37 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-05-23 10:37 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-05-23 10:37 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-05-23 10:34 <DIR> d-------- C:\Arquivos de programas\HP
2007-05-23 10:33 94,833 --a------ C:\WINDOWS\HPHins03.dat
2007-05-23 10:33 2,655 --------- C:\WINDOWS\hphmdl03.dat
2007-05-22 01:59 56 -r-hs---- C:\WINDOWS\system32\A73FF1C8A8.sys
2007-05-22 01:59 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Corel
2007-05-22 01:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield
2007-05-22 01:57 <DIR> d-------- C:\Arquivos de programas\Corel
2007-05-22 01:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel
2007-05-22 01:53 3,766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-22 01:44 <DIR> d-------- C:\Arquivos de programas\MagicISO
2007-05-22 01:41 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools
2007-05-21 10:38 <DIR> d-------- C:\WINDOWS\Profiles
2007-05-21 10:38 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\InterTrust
2007-05-21 10:37 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-05-21 10:36 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-05-21 10:36 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-05-21 10:36 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-05-21 10:36 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-05-21 10:36 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-05-21 10:36 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-05-21 10:36 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2007-05-21 10:36 <DIR> d-------- C:\Arquivos de programas\Ahead
2007-05-21 10:35 40,960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe
2007-05-21 10:35 <DIR> d-------- C:\Arquivos de programas\CyberLink DVD Solution
2007-05-21 08:33 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5
2007-05-20 17:58 <DIR> d--hs---- C:\RECYCLER
2007-05-20 17:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
2007-05-20 14:05 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-05-20 13:57 <DIR> d-------- C:\Arquivos de programas\Max Payne
2007-05-20 13:50 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-05-20 00:04 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Media Player Classic
2007-05-18 19:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-18 19:54 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\ATI
2007-05-18 19:52 <DIR> d-------- C:\Arquivos de programas\ATI Technologies
2007-05-18 19:45 <DIR> d-------- C:\Arquivos de programas\MSBuild
2007-05-18 19:41 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-05-18 19:40 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-05-18 19:40 <DIR> d-------- C:\Arquivos de programas\Reference Assemblies
2007-05-18 19:37 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-18 18:59 <DIR> d---s---- C:\Documents and Settings\Jorge\UserData
2007-05-18 18:59 <DIR> d---s---- C:\DOCUME~1\Jorge\UserData
2007-05-18 18:55 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-05-18 18:48 <DIR> d-------- C:\Arquivos de programas\HDD Health
2007-05-17 14:41 <DIR> dr------- C:\Cesar
2007-05-17 14:41 <DIR> d-------- C:\moacir
2007-05-16 22:15 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\uTorrent
2007-05-16 20:55 <DIR> d-------- C:\Arquivos de programas\The KMPlayer
2007-05-16 20:54 <DIR> d-------- C:\Arquivos de programas\eMule
2007-05-16 20:49 <DIR> d-------- C:\WINDOWS\pss
2007-05-16 20:41 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-05-16 20:40 <DIR> d-------- C:\ATI
2007-05-16 20:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-05-16 20:24 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-16 20:24 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-05-16 20:24 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-05-16 20:24 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-16 20:24 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-16 20:24 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-05-16 20:24 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-05-16 20:24 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-05-16 20:24 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-05-16 20:24 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-16 20:24 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-16 20:24 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-05-16 20:24 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-05-16 20:24 <DIR> d-------- C:\DOCUME~1\Jorge\DADOSD~1\Real
2007-05-16 20:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real
2007-05-16 20:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer
2007-05-16 20:24 <DIR> d-------- C:\Arquivos de programas\uTorrent
2007-05-16 20:24 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack
2007-05-16 20:22 32,768 --a------ C:\WINDOWS\SIS_LIB.DLL
2007-05-16 20:22 305,664 --a------ C:\WINDOWS\IsUn0416.exe
2007-05-16 20:22 106,496 --a------ C:\WINDOWS\SiSUSBrg.exe
2007-05-16 20:22 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-16 20:22 <DIR> d-------- C:\Documents and Settings\Jorge\WINDOWS
2007-05-16 20:22 <DIR> d-------- C:\DOCUME~1\Jorge\WINDOWS
2007-05-16 20:19 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-16 20:19 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-16 20:19 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-16 20:19 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-16 20:19 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-16 20:19 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-16 20:19 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-16 20:19 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-16 20:19 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-16 20:19 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-16 20:19 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-16 20:19 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-16 20:19 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-05-16 20:19 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-16 20:18 720,896 --a------ C:\WINDOWS\system32\a3d.dll
2007-05-16 20:18 578,304 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-05-16 20:18 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-05-16 20:18 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys
2007-05-16 20:07 <DIR> d-------- C:\Arquivos de programas\Warcraft III
2007-05-16 19:52 36,992 --a------ C:\WINDOWS\system32\drivers\SISAGPX.SYS
2007-05-16 19:45 <DIR> d-------- C:\Jorge
2007-05-16 19:16 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-16 19:16 <DIR> d-------- C:\Documents and Settings\Jorge\Contacts
2007-05-16 19:16 <DIR> d-------- C:\DOCUME~1\Jorge\Contacts
2007-05-16 19:15 <DIR> d-------- C:\Arquivos de programas\MSN Messenger
2007-05-16 19:01 2,883,584 --ah----- C:\Documents and Settings\Jorge\NTUSER.DAT
2007-05-16 19:01 2,883,584 --ah----- C:\DOCUME~1\Jorge\NTUSER.DAT
2007-05-16 19:01 <DIR> dr-h----- C:\Documents and Settings\Jorge\Dados de aplicativos
2007-05-16 19:01 <DIR> dr-h----- C:\DOCUME~1\Jorge\Dados de aplicativos
2007-05-16 19:01 <DIR> dr------- C:\Documents and Settings\Jorge\Meus documentos
2007-05-16 19:01 <DIR> dr------- C:\Documents and Settings\Jorge\Menu Iniciar
2007-05-16 19:01 <DIR> dr------- C:\Documents and Settings\Jorge\Favoritos
2007-05-16 19:01 <DIR> dr------- C:\DOCUME~1\Jorge\Meus documentos
2007-05-16 19:01 <DIR> dr------- C:\DOCUME~1\Jorge\Menu Iniciar
2007-05-16 19:01 <DIR> dr------- C:\DOCUME~1\Jorge\Favoritos
2007-05-16 19:01 <DIR> d--h----- C:\Documents and Settings\Jorge\Modelos
2007-05-16 19:01 <DIR> d--h----- C:\Documents and Settings\Jorge\Configurações locais
2007-05-16 19:01 <DIR> d--h----- C:\Documents and Settings\Jorge\Ambiente de rede
2007-05-16 19:01 <DIR> d--h----- C:\Documents and Settings\Jorge\Ambiente de impressão
2007-05-16 19:01 <DIR> d--h----- C:\DOCUME~1\Jorge\Modelos
2007-05-16 19:01 <DIR> d--h----- C:\DOCUME~1\Jorge\Configurações locais
2007-05-16 19:01 <DIR> d--h----- C:\DOCUME~1\Jorge\Ambiente de rede
2007-05-16 19:01 <DIR> d--h----- C:\DOCUME~1\Jorge\Ambiente de impressão
2007-05-16 19:00 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-16 18:59 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-16 18:59 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-16 18:59 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Configurações locais
2007-05-16 18:59 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Configurações locais
2007-05-16 18:59 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-16 18:59 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Dados de aplicativos
2007-05-16 18:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Dados de aplicativos
2007-05-16 18:49 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-16 18:49 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-05-16 18:49 0 -rahs---- C:\MSDOS.SYS
2007-05-16 18:49 0 -rahs---- C:\IO.SYS
2007-05-16 18:49 0 --a------ C:\CONFIG.SYS
2007-05-16 18:49 0 --a------ C:\AUTOEXEC.BAT
2007-05-16 18:49 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-05-16 18:49 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage
2007-05-16 18:48 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-05-16 18:47 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-05-16 18:47 <DIR> d--h----- C:\Arquivos de programas\WindowsUpdate
2007-05-16 18:47 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-05-16 18:47 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-05-16 18:47 <DIR> d-------- C:\Arquivos de programas\Serviços on-line
2007-05-16 18:46 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-05-16 18:46 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-05-16 18:46 68,096 --a------ C:\WINDOWS\system32\acctres.dll
2007-05-16 18:46 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-05-16 18:46 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-05-16 18:46 431,616 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-16 18:46 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-05-16 18:46 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-05-16 18:46 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-05-16 18:46 36,864 --a------ C:\WINDOWS\system32\wups.dll
2007-05-16 18:46 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-05-16 18:46 183,808 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-05-16 18:46 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-16 18:46 167,936 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-05-16 18:46 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-05-16 18:46 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2007-05-16 18:46 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-05-16 18:46 113,152 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-16 18:46 111,616 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-05-16 18:46 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-05-16 18:46 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-05-16 18:46 <DIR> d---s---- C:\WINDOWS\Tasks
2007-05-16 18:46 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-05-16 18:46 <DIR> d-------- C:\WINDOWS\srchasst
2007-05-16 18:46 <DIR> d-------- C:\Arquivos de programas\Movie Maker
2007-05-16 18:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Serviços
2007-05-16 18:46 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap
2007-05-16 18:45 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-05-16 18:45 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-05-16 18:45 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-05-16 18:45 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-05-16 18:45 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-05-16 18:45 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:45 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-05-16 18:45 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-05-16 18:45 49,664 --a------ C:\WINDOWS\system32\inetres.dll
2007-05-16 18:45 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-05-16 18:45 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-05-16 18:45 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-05-16 18:45 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-05-16 18:45 278,528 --a------ C:\WINDOWS\system32\mstask.dll
2007-05-16 18:45 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-05-16 18:45 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-05-16 18:45 240,640 --a------ C:\WINDOWS\system32\srrstr.dll
2007-05-16 18:45 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-05-16 18:45 21,844 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-16 18:45 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-05-16 18:45 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-05-16 18:45 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-05-16 18:45 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-05-16 18:45 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-05-16 18:45 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-05-16 18:45 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-05-16 18:44 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-05-16 18:44 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-05-16 18:44 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-05-16 18:44 640,512 --a------ C:\WINDOWS\system32\getuname.dll
2007-05-16 18:44 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-05-16 18:44 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-05-16 18:44 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-05-16 18:44 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-05-16 18:44 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-05-16 18:44 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-05-16 18:44 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-05-16 18:44 231,424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-05-16 18:44 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-05-16 18:44 22,016 --a------ C:\WINDOWS\system32\msg.exe
2007-05-16 18:44 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-05-16 18:44 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-05-16 18:44 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-05-16 18:44 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-05-16 18:44 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-05-16 18:44 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-05-16 18:44 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-05-16 18:44 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-05-16 18:44 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-05-16 18:44 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-05-16 18:44 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-05-16 18:44 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-05-16 18:44 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-05-16 18:44 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-05-16 18:44 1,221 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-05-16 18:44 <DIR> d-------- C:\WINDOWS\Registration
2007-05-16 18:44 <DIR> d-------- C:\Arquivos de programas\MSN Gaming Zone
2007-05-16 18:44 <DIR> d-------- C:\Arquivos de programas\Messenger
2007-05-16 18:43 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-05-16 18:43 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-05-16 18:43 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-05-16 18:43 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-05-16 18:43 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-05-16 18:43 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-05-16 18:43 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-05-16 18:43 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-05-16 18:43 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-05-16 18:43 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-05-16 18:43 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2007-05-16 18:43 61,440 --a------ C:\WINDOWS\system32\remotepg.dll
2007-05-16 18:43 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-05-16 18:43 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-05-16 18:43 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-05-16 18:43 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-05-16 18:43 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-05-16 18:43 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-05-16 18:43 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-05-16 18:43 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-05-16 18:43 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-05-16 18:43 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-05-16 18:43 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-05-16 18:43 409,088 --a------ C:\WINDOWS\system32\mstsc.exe
2007-05-16 18:43 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-05-16 18:43 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-05-16 18:43 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-05-16 18:43 350,720 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-05-16 18:43 345,600 --a------ C:\WINDOWS\system32\mspaint.exe
2007-05-16 18:43 296,960 --a------ C:\WINDOWS\system32\termsrv.dll
2007-05-16 18:43 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-05-16 18:43 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-05-16 18:43 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-05-16 18:43 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-16 18:43 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-05-16 18:43 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-05-16 18:43 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-16 18:43 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-05-16 18:43 188,928 --a------ C:\WINDOWS\system32\cmprops.dll
2007-05-16 18:43 187,904 --a------ C:\WINDOWS\system32\accwiz.exe
2007-05-16 18:43 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-05-16 18:43 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-05-16 18:43 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-05-16 18:43 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-05-16 18:43 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-05-16 18:43 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-16 18:43 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-05-16 18:43 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-05-16 18:43 124,416 --a------ C:\WINDOWS\system32\mplay32.exe
2007-05-16 18:43 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-16 18:43 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-05-16 18:43 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-05-16 18:43 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-05-16 18:43 104,960 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-05-16 18:43 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-05-16 18:43 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-05-16 18:43 <DIR> d-------- C:\WINDOWS\system32\Com
2007-05-16 18:43 <DIR> d-------- C:\Arquivos de programas\Windows NT
2007-05-16 15:40 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-16 15:39 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-05-16 15:39 57,984 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-16 15:39 356,352 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-05-16 15:39 267,776 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-05-16 15:39 2,820,544 --------- C:\WINDOWS\system32\ati3duag.dll
2007-05-16 15:39 1,986,560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-16 15:39 1,315,712 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-05-16 15:38 76,288 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-16 15:38 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-05-16 15:38 32,768 --a------ C:\WINDOWS\system32\drivers\sisnic.sys
2007-05-16 15:37 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-05-16 15:37 9,072 --a------ C:\WINDOWS\system\VER.DLL
2007-05-16 15:37 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-05-16 15:37 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-05-16 15:37 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-05-16 15:37 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-05-16 15:37 75,776 --a------ C:\WINDOWS\system32\storprop.dll
2007-05-16 15:37 70,144 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-05-16 15:37 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-05-16 15:37 70,080 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-05-16 15:37 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-05-16 15:37 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-05-16 15:37 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-05-16 15:37 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-05-16 15:37 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-05-16 15:37 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-05-16 15:37 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-05-16 15:37 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-05-16 15:37 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-05-16 15:37 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-05-16 15:37 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-05-16 15:37 33,504 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-05-16 15:37 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-16 15:37 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-05-16 15:37 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-05-16 15:37 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-05-16 15:37 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-05-16 15:37 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-16 15:37 127,120 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-05-16 15:37 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-05-16 15:37 109,536 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-05-16 15:37 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-05-16 15:37 <DIR> dr------- C:\Arquivos de programas
2007-05-16 15:37 <DIR> d--hs---- C:\WINDOWS\Installer
2007-05-16 15:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines
2007-05-16 15:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\ODBC
2007-05-16 15:36 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Configuraášes locais
2007-05-16 15:36 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Iniciar
2007-05-16 15:36 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Iniciar
2007-05-16 15:36 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documentos
2007-05-16 15:36 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Modelos
2007-05-16 15:36 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Ambiente de rede
2007-05-16 15:36 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Ambiente de impress∆o
2007-05-16 15:36 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Modelos
2007-05-16 15:36 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Meus documentos
2007-05-16 15:36 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Favoritos
2007-05-16 15:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Favoritos
2007-05-16 15:35 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-05-16 15:35 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-05-16 15:34 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dados de aplicativos
2007-05-16 15:34 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dados de aplicativos
2007-05-16 15:34 <DIR> d--hs---- C:\System Volume Information
2007-05-16 15:34 <DIR> d-------- C:\Documents and Settings
2007-05-16 15:28 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-05-16 15:28 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-05-16 15:28 <DIR> dr------- C:\WINDOWS\Web
2007-05-16 15:28 <DIR> d--h----- C:\WINDOWS\inf
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\WinSxS
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\twain_32
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\wins
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\spool
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\ras
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\npp
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\mui
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\IME
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\ias
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\export
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\config
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\3076
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\2052
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\1054
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\1046
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\1042
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\1041
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\1037
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\1033
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\1031
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\1028
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32\1025
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system32
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\system
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\security
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\Resources
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\repair
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\Provisioning
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\PeerNet
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\pchealth
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\mui
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\msapps
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\msagent
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\Media
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\ime
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\Help
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\ehome
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\Debug
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\Cursors
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\Config
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\AppPatch
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS\addins
2007-05-16 15:28 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-18 22:45:32 75,230 ----a-w C:\WINDOWS\system32\perfc016.dat
2007-05-18 22:45:32 460,722 ----a-w C:\WINDOWS\system32\perfh016.dat
2007-05-16 21:47:40 -------- d-----w C:\Arquivos de programas\ServiÁos on-line
2007-05-16 21:46:33 -------- d-----w C:\Arquivos de programas\Arquivos comuns\ServiÁos
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:29:32 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-05-25 19:03]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2007-04-03 19:29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
C:\Arquivos de programas\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
nlmrpupy


Contents of the 'Scheduled Tasks' folder
2007-06-01 21:42:01 C:\WINDOWS\tasks\HP Usg Daily.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-01 21:29:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-01 21:30:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-01 21:30

--- E O F ---

#5 gazorninflex

Posted 01 June 2007 - 09:10 PM

Oh....well....it didn't remove the .bak one...but it did remove the dll
Thanks...finally removed it.

#6 Sempurna

Posted 01 June 2007 - 10:58 PM

Hi gazorninflex, :wave:

Yes, this is a stubborn one. Do you mean that the malware files are no longer present in your system? That's good! :thumbsup:

But, let's make sure that there are no hidden drivers or services protecting or regenerating the malware, shall we? :)

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    File::
    C:\WINDOWS\system32\ss2uinst.exe
    C:\WINDOWS\system32\wzvhhome.dll
    C:\WINDOWS\system32\iexuwvzu.dll
    C:\WINDOWS\system32\tnqfpnbo.dll
    C:\WINDOWS\system32\xzraiphq.dll
    C:\WINDOWS\system32\daglqkoe.exe
    C:\WINDOWS\system32\precaaaa.exe
    C:\WINDOWS\HPHins03.dat
    C:\WINDOWS\hphmdl03.dat
    C:\WINDOWS\IsUn0416.exe
    
    Catch::
    C:\WINDOWS\system32\lddfldd.dll.bak
    C:\WINDOWS\system32\lddfldd.dll
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Posted Image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please download System Repair Engineer by Smallfrogs and save it to your desktop:
  • Right-click sreng2.zip, select "Extract All", and extract it to its own folder.
  • Double-click SREng.exe to run it.


    Posted Image


  • Select "Smart Scan" and check (tick) "Verify the digital signatures of process modules".
  • Click on the "Scan" button.
  • When the scan is complete, click on the "Save Reports" button and save the log to your desktop.
  • Please attach the log in your next reply. Don't post it.
Note: You would have to rename SREngLog.log to SREngLog.txt before attaching it. If you cannot attach the log, then please copy and paste its contents into your next reply.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • The log from the SREng scan.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo
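
The reply above asks for fresh logs to confirm that nothing listed in the script is left behind. One way to check a log against the script's target list, as an added example (not part of the original post and not ComboFix's own code): the function names are hypothetical and the sample log lines are constructed. It compares whole paths case-insensitively, so a surviving lddfldd.dll.bak is not mistaken for lddfldd.dll.

```python
import re

# Script text from the post above (directives and paths are the page's; list shortened).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\ss2uinst.exe
C:\WINDOWS\system32\wzvhhome.dll
C:\WINDOWS\HPHins03.dat

Catch::
C:\WINDOWS\system32\lddfldd.dll.bak
C:\WINDOWS\system32\lddfldd.dll
"""

# Constructed sample log lines, in the listing formats seen in this thread.
SAMPLE_LOG = r"""2007-06-02 09:01 12,288 --a------ C:\WINDOWS\system32\LDDFLDD.DLL.BAK
2007-05-16 15:37 8,704 --a------ C:\WINDOWS\system32\batt.dll
{00000000-0000-0000-0000-000000000000}=C:\WINDOWS\system32\wzvhhome.dll [2007-05-20 10:00]
"""

DIRECTIVE = re.compile(r"^(\w+)::\s*$")       # "File::", "Catch::"
PATH = re.compile(r"[A-Za-z]:\\[^\"\r\n]*")   # drive letter up to a quote or end of line
TRAILER = re.compile(r"\s*\[[^\]]*\]\s*$")    # " [2007-05-25 19:03]" after a path

def parse_script(text):
    """Return {directive: [paths]} from a File::/Catch:: style script."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def paths_in_log(log):
    """Collect every full path in the log, lower-cased (Windows paths are case-insensitive)."""
    found = set()
    for line in log.splitlines():
        for m in PATH.finditer(line):
            found.add(TRAILER.sub("", m.group(0)).strip().lower())
    return found

def still_present(script, log):
    """Script targets that appear in the log as an exact path, never as a prefix match."""
    seen = paths_in_log(log)
    return {d: [p for p in ps if p.lower() in seen]
            for d, ps in parse_script(script).items()}
```

Running `still_present(CFSCRIPT, SAMPLE_LOG)` on the constructed log reports only `wzvhhome.dll` and `lddfldd.dll.bak` as remaining.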

#7 gazorninflex

Posted 02 June 2007 - 08:51 AM

Hey man...Sorry I didn't reply yesterday, but my connection wasn't good.
I did it on the first try =)
Thanks a lot, finally removed it.

#8 Sempurna

Posted 02 June 2007 - 01:53 PM

You're most welcome. :)

Could I see the logs I requested just in case there is something else lurking in your system? :)

#9 Sempurna

Posted 06 July 2007 - 04:53 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.