Trojan Horse Crypt.PPX - Need help please [Solved]

Report analysis and disinfection section: malware of all kinds and other unwanted software. Cleaning requests only. Restricted support: specialised team.

Forum rules → Disinfections are handled by a specific group; not everyone may step in to disinfect machines (rules).
→ The procedures are tailored to each case; do not repeat them on your own machine (explanations).
→ One topic per machine; everyone creates their own. ;)

Post by Sandra Portugal » 05 Mar 2010 10:40

Hello,

I am posting here a call for help about a Trojan virus, named Trojan Horse Crypt.PPX, detected in 9 (nine) copies by AVG (Free version) in D:\System Volume Information.
Since this detection, my computer has been slower than usual at performing tasks, and on top of that the AVG scan has been running for 6 days...

Thank you for your attention.

Attached is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:46, on 05-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\HP\Digital Imaging\bin\hpqnrs08.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Programas\AVG\AVG8\avgui.exe
C:\Programas\AVG\AVG8\avgscanx.exe
C:\Programas\AVG\AVG8\avgcsrvx.exe
C:\Programas\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\sol.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\AVG\AVG8\avgcsrvx.exe
C:\Programas\AVG\AVG8\avgupd.exe
C:\Documents and Settings\vitor\Ambiente de trabalho\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Programas\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = D:\xamp\xampp\mysql\bin\winmysqladmin.exe
O4 - User Startup: WinMySQLadmin.lnk = D:\xamp\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sapo.pt,telecom.pt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sapo.pt,telecom.pt
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7431 bytes

I await your instructions. Thank you.
Sandra
Last edited by Sandra Portugal on 06 Mar 2010 15:39, edited 1 time.
Sandra Portugal
 
Posts: 49
Joined: 21 Oct 2008 10:46

Re: Trojan Horse Crypt.PPX - Need help please

Post by Falkra » 05 Mar 2010 11:43

Hello, :-D

Stop the scan if it has been running for 6 days, and post the report please.
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 12:05

Hello Falkra,

Thank you for coming to help me.

AVG scan stopped.
The AVG scan report:
"Scan ""Scan whole computer"" was finished."
"Warnings";"79"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"sábado, 27 de Fevereiro de 2010, 1:26:22"
"Scan finished:";"sexta-feira, 5 de Março de 2010, 10:49:26 (6 day(s) 9 hour(s) 23 minute(s) 3 second(s))"
"Total object scanned:";"343101"
"User who launched the scan:";"vitor"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\247realmedia.com.6b039dbe";"Found Tracking cookie.247realmedia";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\2o7.net.3f08ebd";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\2o7.net.daeb3377";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\adtech.de.1b1181f5";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\adtech.de.1e63a70f";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\adtech.de.293cbee2";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\adtech.de.4cb5048b";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\adtech.de.53b93bb1";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\adtech.de.9d5db0f5";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\advertising.com.1dfa2206";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\pointroll.com.72c0abc9";"Found Tracking cookie.Pointroll";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\pointroll.com.f2d5a6f6";"Found Tracking cookie.Pointroll";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\revsci.net.738d89d";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\revsci.net.b8d48360";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\serving-sys.com.4cd8c2e9";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\smartadserver.com.321a5cf8";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\smartadserver.com.3e749ab9";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tacoda.net.4366831a";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\smartadserver.com.5550c4ed";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\smartadserver.com.bf8b766";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\smartadserver.com.c5827141";"Found Tracking cookie.Smartadserver";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tacoda.net.cd7ce44f";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tacoda.net.cd7ce44f";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tradedoubler.com.ba12c0e9";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\adtech.de.a9245469";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\adtech.de.fa8d0d40";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\adtech.de.b82cc00f";"Found Tracking cookie.Adtech";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\bluestreak.com.bf396750";"Found Tracking cookie.Bluestreak";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\doubleclick.net.1d39bd48";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\revsci.net.18a1d1b2";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\searchportal.information.com.3a8d7204";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\searchportal.information.com.44e78b2";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\searchportal.information.com.634f1b89";"Found Tracking cookie.Information";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tradedoubler.com.dc3c9994";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tradedoubler.com.ef90aa95";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\estat.com.efda7a5a";"Found Tracking cookie.Estat";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\zedo.com.14a38114";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\zedo.com.cef1c7af";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\zedo.com.dd15d628";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Cookies\vitor@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@atdmt[2].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@smartadserver[1].txt";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@smartadserver[1].txt:\smartadserver.com.321a5cf8";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@smartadserver[1].txt:\smartadserver.com.3e749ab9";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@smartadserver[1].txt:\smartadserver.com.5550c4ed";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@smartadserver[1].txt:\smartadserver.com.bf8b766";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@smartadserver[1].txt:\smartadserver.com.c5827141";"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@statse.webtrendslive[2].txt";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@statse.webtrendslive[2].txt:\statse.webtrendslive.com.b4ca7df0";"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@weborama[1].txt";"Found Tracking cookie.Weborama";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@weborama[1].txt:\weborama.fr.30104bcb";"Found Tracking cookie.Weborama";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@weborama[1].txt:\weborama.fr.5f498b98";"Found Tracking cookie.Weborama";"Moved to Virus Vault"
"C:\Documents and Settings\vitor\Cookies\vitor@weborama[1].txt:\weborama.fr.f636611";"Found Tracking cookie.Weborama";"Moved to Virus Vault"

END

And in the Resident Shield Alert there is a "Multiple Threat Detected" message, and in the results table that appears there are 9 Trojan Horse Crypt.PPX with "Infected" as "Result"; the files are all in d:\System Volume Information.

I hope I have answered your request for the report.
Sandra Portugal
 
Posts: 49
Joined: 21 Oct 2008 10:46

Re: Trojan Horse Crypt.PPX - Need help please

Post by Falkra » 05 Mar 2010 14:44

Those are cookies, that's nothing.

We can purge the restore points to get rid of the intruders; to do so, turn off System Restore:
http://www.libellules.ch/desactiver_restauration.php

Then turn it back on; in the meantime all the infected points will have been deleted.

Cookies are nothing; there doesn't seem to be anything active and harmful on your machine at the moment.
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
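The triage Falkra does by eye in the reply above (tracking cookies are browser data and noise; files inside System Volume Information are System Restore snapshot copies that disappear once System Restore is turned off and back on; anything else is a live file that deserves a look) can be written down as a small parser for the semicolon-separated AVG report format quoted earlier in the thread. This is an added example, not code from the thread, from AVG or from the forum's helpers; the report lines it parses are constructed in the same layout as the report Sandra posted, and the restore-point GUID, the RP number and the second detection are placeholders, not values from the thread.

```python
import csv
import io
from collections import Counter

# Triage buckets.
TRACKING_COOKIE = "tracking cookie"
RESTORE_POINT = "restore point copy"
OTHER = "other"

# Constructed sample in the layout of the AVG 8 report quoted in the thread:
# semicolon-separated, double-quoted fields, summary lines first, then a
# "File";"Infection";"Result" header. The GUID, the RP number and the last
# detection are placeholders, not values taken from the thread.
SAMPLE_REPORT = r'''"Scan ""Scan whole computer"" was finished."
"Warnings";"4"
"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\vitor\Application Data\Mozilla\Firefox\Profiles\6rxoatoc.default\cookies.sqlite:\doubleclick.net.1d39bd48";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Documents and Settings\vitor\Cookies\vitor@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"D:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP99\A0000001.exe";"Trojan horse Crypt.PPX";"Infected"
"C:\WINDOWS\system32\placeholder.dll";"Trojan horse Example.ABC";"Infected"
'''


def parse_report(text):
    """Return the warning rows of an AVG report as dicts.

    Everything before the "File";"Infection";"Result" header is summary
    text and is skipped; rows that do not have exactly three fields are
    skipped too. The csv module handles AVG's doubled quotes ("" inside
    a quoted field) for us.
    """
    rows = []
    header_seen = False
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if not header_seen:
            header_seen = row == ["File", "Infection", "Result"]
            continue
        if len(row) != 3:
            continue
        rows.append({"file": row[0], "infection": row[1], "result": row[2]})
    return rows


def classify(path, infection):
    """Assign one row to a triage bucket.

    Tracking cookies are browser data, not executable code.
    Files under System Volume Information are System Restore snapshots;
    they do not run on their own and are purged by turning System Restore
    off and on again, the step the thread recommends.
    Anything else is a live file that needs a closer look.
    """
    if infection.lower().startswith("found tracking cookie"):
        return TRACKING_COOKIE
    if "\\system volume information\\" in path.lower():
        return RESTORE_POINT
    return OTHER


def triage(text):
    """Count report rows per bucket."""
    counts = Counter()
    for row in parse_report(text):
        counts[classify(row["file"], row["infection"])] += 1
    return counts


def needs_review(text):
    """Paths of live files AVG flagged but did not quarantine.

    Quarantined items ("Moved to Virus Vault") and snapshot copies are
    already dealt with; what remains is the list a helper acts on.
    """
    return [
        row["file"]
        for row in parse_report(text)
        if classify(row["file"], row["infection"]) == OTHER
        and row["result"] != "Moved to Virus Vault"
    ]


if __name__ == "__main__":
    for bucket, n in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{n:3d}  {bucket}")
    for path in needs_review(SAMPLE_REPORT):
        print("review:", path)
```

On the constructed sample this yields two tracking cookies, one restore-point copy and one other file, and `needs_review` returns only the file under C:\WINDOWS\system32, which is the kind of entry that would justify a follow-up scan with a second tool rather than the restore-point purge.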

Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 15:11

I have just done what you told me to.
I await new instructions.

I understand that the cookies are harmless; it's the indication of 9 trojans in the AVG "resident shield" list that worries me... on top of behaviour from the computer that I don't recognise: slower, and constantly showing messages about scripts that hang, "A script on this page may be busy, etc"; do you know which message I mean? (I have already disabled AVG's "search shield", which is not compatible with the latest FIREFOX, which I have had for a few days, but it still carries on regardless.)

Thank you for helping me Falkra.
Sandra Portugal
 
Posts: 49
Joined: 21 Oct 2008 10:46

Re: Trojan Horse Crypt.PPX - Need help please

Post by Falkra » 05 Mar 2010 15:13

Yes, on the Firefox side, you often have to disable the AVG extension (Tools, Add-ons, Extensions).

Download random's system information tool (RSIT) by random/random and save it to the Desktop. This tool takes an inventory and reads the configuration, like HijackThis but in more detail.
  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) and of info.txt (<<which will be minimised in the Taskbar).
  • NB: The reports are saved in the folder C:\rsit
    So that's two reports. As they are long, you can make 2 replies, one per report. ;-)
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 15:22

Logfile of random's system information tool 1.06 (written by random/random)
Run by vitor at 2010-03-05 14:18:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 534 MB (6%) free of 10 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:46, on 05-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\HP\Digital Imaging\bin\hpqnrs08.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Programas\AVG\AVG8\avgui.exe
C:\Programas\AVG\AVG8\avgscanx.exe
C:\Programas\AVG\AVG8\avgcsrvx.exe
C:\Programas\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\sol.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\AVG\AVG8\avgcsrvx.exe
C:\Programas\AVG\AVG8\avgupd.exe
C:\Documents and Settings\vitor\Ambiente de trabalho\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Programas\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = D:\xamp\xampp\mysql\bin\winmysqladmin.exe
O4 - User Startup: WinMySQLadmin.lnk = D:\xamp\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sapo.pt,telecom.pt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sapo.pt,telecom.pt
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7431 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programas\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programas\Java\jre6\bin\jp2ssv.dll [2009-05-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2004-02-25 28672]
"ATIPTA"=C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-02-03 335872]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-06-11 87751]
"SynTPLpr"=C:\Programas\Synaptics\SynTP\SynTPLpr.exe [2003-06-17 126976]
"SynTPEnh"=C:\Programas\Synaptics\SynTP\SynTPEnh.exe [2003-06-17 561152]
"Hcontrol"=C:\WINDOWS\ATK0100\Hcontrol.exe [2003-09-08 61440]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SunJavaUpdateSched"=C:\Programas\Java\jre6\bin\jusched.exe [2009-05-11 148888]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"googletalk"=C:\Programas\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
AutoCAD Startup Accelerator.lnk - C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe

D:\oldVitor\Menu Iniciar\Programas\Arranque
WinMySQLadmin.lnk - D:\xamp\xampp\mysql\bin\winmysqladmin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll [2006-01-25 6424064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programas\BitTorrent\bittorrent.exe"="C:\Programas\BitTorrent\bittorrent.exe:*:Enabled:bittorrent"
"C:\Programas\Messenger\msmsgs.exe"="C:\Programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programas\SecondLife\SecondLife.exe"="C:\Programas\SecondLife\SecondLife.exe:*:Enabled:Second Life"
"C:\Programas\Zend\ZendStudioClient-5.0.0Beta\jre\bin\javaw.exe"="C:\Programas\Zend\ZendStudioClient-5.0.0Beta\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Documents and Settings\vitor\Ambiente de trabalho\OPML\OPML\opml.exe"="C:\Documents and Settings\vitor\Ambiente de trabalho\OPML\OPML\opml.exe:*:Enabled:OPML"
"C:\Programas\beetlejuice_0.4.1\jre\bin\java.exe"="C:\Programas\beetlejuice_0.4.1\jre\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Programas\Red Chair Software\Anapod Explorer\anamgr.exe"="C:\Programas\Red Chair Software\Anapod Explorer\anamgr.exe:*:Enabled:Anapod Xtreamer"
"C:\Programas\WaterProof\PHPEdit\2.0\DbgListener.exe"="C:\Programas\WaterProof\PHPEdit\2.0\DbgListener.exe:*:Enabled:Listener for php debugger DBG"
"C:\Programas\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Programas\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw"
"C:\Programas\Mozilla Firefox\firefox.exe"="C:\Programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\xamp\xampp\apache\bin\apache.exe"="D:\xamp\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"D:\xamp\xampp\mysql\bin\mysqld-nt.exe"="D:\xamp\xampp\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt"
"D:\xamp\xampp\mysql\bin\mysqld.exe"="D:\xamp\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:javaw"
"C:\Programas\Google\Google Talk\googletalk.exe"="C:\Programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Programa de transferência de ficheiros"
"C:\Programas\Java\jre1.5.0_06\bin\javaw.exe"="C:\Programas\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Programas\Joost\xulrunner\tvprunner.exe"="C:\Programas\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programas\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Programas\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Programas\HP\Digital Imaging\bin\hposid01.exe"="C:\Programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Programas\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programas\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Programas\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Programas\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programas\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Programas\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Programas\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Programas\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\eclipse_cd\eclipse\eclipse.exe"="D:\eclipse_cd\eclipse\eclipse.exe:*:Enabled:eclipse"
"E:\eclipse\eclipse.exe"="E:\eclipse\eclipse.exe:*:Enabled:eclipse"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Consola de gestão da Microsoft"
"C:\Programas\AVG\AVG8\avgupd.exe"="C:\Programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programas\AVG\AVG8\avgnsx.exe"="C:\Programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programas\AVG\AVG8\avgemc.exe"="C:\Programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\HPZnet01.exe"="C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\hponicifs01.exe"="C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programas\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Programas\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"G:\eclipse\eclipse.exe"="G:\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Documents and Settings\vitor\Ambiente de trabalho\USB\eclipse\eclipse.exe"="C:\Documents and Settings\vitor\Ambiente de trabalho\USB\eclipse\eclipse.exe:*:Enabled:eclipse"
"F:\eclipse\eclipse.exe"="F:\eclipse\eclipse.exe:*:Enabled:eclipse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcfb8390-b8a1-11dd-be38-0012f0180d3a}]
shell\AutoRun\command - F:\umenu.exe


======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-05 14:18:39 ----D---- C:\rsit
2010-02-26 19:45:41 ----D---- C:\SDFix
2010-02-26 13:25:16 ----HD---- C:\$AVG8.VAULT$
2010-02-25 08:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-11 03:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 03:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 03:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 03:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 03:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 03:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-05 14:18:36 ----D---- C:\WINDOWS\Prefetch
2010-03-05 14:01:24 ----SHD---- C:\System Volume Information
2010-03-05 11:09:04 ----D---- C:\Programas\PokerStars
2010-03-05 10:24:05 ----D---- C:\WINDOWS\Temp
2010-03-02 21:00:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-27 14:53:00 ----D---- C:\Programas\Mozilla Firefox
2010-02-27 00:39:38 ----D---- C:\WINDOWS\ERUNT
2010-02-27 00:19:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-27 00:18:33 ----D---- C:\WINDOWS
2010-02-27 00:17:39 ----D---- C:\WINDOWS\system32\drivers
2010-02-26 22:24:38 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-02-26 22:23:02 ----D---- C:\Programas\Malwarebytes' Anti-Malware
2010-02-26 20:29:56 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-26 20:29:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-26 19:47:36 ----D---- C:\WINDOWS\system32
2010-02-25 08:01:49 ----HD---- C:\WINDOWS\inf
2010-02-11 03:15:46 ----A---- C:\WINDOWS\imsins.BAK
2010-02-11 03:15:40 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-31 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-31 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-12 108552]
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R2 irda;Protocolo IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-11 1164576]
R3 Arp1394;Protocolo de cliente ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-02-25 670208]
R3 CmBatt;Controlador Microsoft ACPI Control Method Battery; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2003-09-08 5786]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC - controlador de dispositivos infravermelhos; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;Miniport WAN (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-05-17 220048]
R3 StillCam;Controlador de câmara digital série Still; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-11-20 7040]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-06-17 264528]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Driver de conexão de rede Intel(R) PRO/Wireless 2200BG para Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496]
S1 kbdhid;Controlador HID de teclado; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 ADDMEM;ADDMEM; \??\C:\DOCUME~1\vitor\DEFINI~1\Temp\__Samsung_Update\ADDMEM.SYS []
S3 BthEnum;Serviço enumerador Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Controlador de comunicações série Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Controlador de porta Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272640]
S3 BTHUSB;Controlador USB de rádio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\vitor\DEFINI~1\Temp\catchme.sys []
S3 DOSMEMIO;MEMIO; \??\E:\Application\SmartScreen\MEMIO.SYS []
S3 HidBth;Miniport HID do Microsoft Bluetooth; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25728]
S3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]
S3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe de impressoras USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-02-25 397312]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-31 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-31 297752]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-06-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe [2005-10-05 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Irmon;Monitor de infravermelhos; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 JavaQuickStarterService;Java Quick Starter; C:\Programas\Java\jre6\bin\jqs.exe [2009-05-11 152984]
S4 Apache2.2;Apache2.2; D:\eclipse_cd\xampplite\apache\bin\apache.exe [2007-09-21 17408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Sandra Portugal
Posts: 49
Joined: 21 Oct 2008 10:46

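As an added example (editor's code, not part of this thread and not part of the RSIT or HijackThis tools), the script below parses the layout of the RSIT log.txt posted above: the ======Section====== headers, the [registry key] lines under "Registry dump", and the "path"="path:*:Enabled:name" values of the XP firewall authorizedapplications list. It then pulls out the entries a helper usually reads first: scheduled tasks named At<N>.job, enabled firewall exceptions whose binary lives in a Temp folder or on a volume other than the system drive, and MountPoints2 AutoRun commands. The sample input is a constructed, abridged excerpt in the same format; the system drive C: and the "look at this first" heuristics are the editor's assumptions, and the output is a review queue, not a verdict on this machine.

```python
import re

# Constructed sample input: an abridged excerpt in the layout of the RSIT log.txt posted
# above (section headers, a registry key line, firewall values, a MountPoints2 entry).
# It is not the full log; the paths are copied only to show the format.
SAMPLE_LOG = r"""
======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programas\Mozilla Firefox\firefox.exe"="C:\Programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\HPZnet01.exe"="C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcfb8390-b8a1-11dd-be38-0012f0180d3a}]
shell\AutoRun\command - F:\umenu.exe
"""

SECTION_RE = re.compile(r"^======(.+?)======$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# "<path>"="<path>:*:<Enabled|Disabled>:<display name>"  (XP SP2/SP3 firewall value layout)
FW_VALUE_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<target>[^"]+):\*:(?P<state>[^:]+):(?P<name>.*)"$')
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(Temp|Temporary Internet Files)\\", re.IGNORECASE)
SYSTEM_DRIVE = "C:"  # assumption: the system drive of the machine in the log above is C:


def parse_sections(text):
    """Split an RSIT log into {section name: [non-empty lines]} using its ======Name====== headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def iter_registry(lines):
    """Yield (current registry key, value line) pairs from a Registry dump section."""
    key = None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
        elif key is not None:
            yield key, line


def triage(text):
    """Return the entries a helper reads first; each list is a review queue, not a verdict."""
    sections = parse_sections(text)
    findings = {"at_jobs": [], "fw_temp": [], "fw_offdrive": [], "autorun_cmds": []}

    # at.exe-style tasks (At1.job ... AtN.job) carry no descriptive name, so list them for review.
    for line in sections.get("Scheduled tasks folder", []):
        if AT_JOB_RE.search(line):
            findings["at_jobs"].append(line)

    for key, line in iter_registry(sections.get("Registry dump", [])):
        lkey = key.lower()
        if lkey.endswith("authorizedapplications\\list"):
            vm = FW_VALUE_RE.match(line)
            if not vm or vm.group("state").lower() != "enabled":
                continue
            path = vm.group("path")
            if TEMP_RE.search(path):
                findings["fw_temp"].append(path)       # exception for a binary living in a Temp folder
            elif not path.startswith("%") and not path.upper().startswith(SYSTEM_DRIVE):
                findings["fw_offdrive"].append(path)   # exception for a binary on another volume
        elif "mountpoints2" in lkey and "autorun" in line.lower():
            # "shell\AutoRun\command - <target>": the command Explorer runs for that volume
            findings["autorun_cmds"].append(line.split(" - ", 1)[-1].strip())
    return findings


if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(f"{name}: {len(items)}")
        for item in items:
            print("   ", item)
```

Run it against a saved C:\rsit\log.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; everything it prints still has to be checked by hand (a Temp-folder firewall exception can be a legitimate printer installer, as the HP entries above suggest).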
Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 15:23

info.txt logfile of random's system information tool 1.06 2010-03-05 14:19:58

======Uninstall list======

-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{BAD400A0-F924-4BB6-9651-CD45642B3917}\Setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actiontec MDC AC'97 Modem v2122D-->agrsmdel
Actualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Actualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Actualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Actualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Actualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Actualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Actualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Actualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Actualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Actualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Actualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Actualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 6.0.1 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A00000000001}
Adobe SVG Viewer 3.0-->C:\Programas\Ficheiros comuns\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programas\Ficheiros comuns\Adobe\SVG Viewer 3.0\Uninstall\Install.log
ATI - Utilitário de desinstalação de software-->C:\Programas\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
AutoCAD 2006 - English-->MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
AVG Free 8.5-->C:\Programas\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Programas\AviSynth 2.5\Uninstall.exe"
Google Earth-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 Exporters-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly
Google SketchUp LayOut 6-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly
Google SketchUp Pro 6-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly
Google Talk (remove only)-->"C:\Programas\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\vitor\Ambiente de trabalho\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Programas\HP\Digital Imaging\{3A316611-45D1-429C-AA26-B71259C44689}\setup\hpzscr01.exe -datfile hposcr11.dat
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internet Explorer 7 Beta 2 Preview-->"C:\WINDOWS\$NtUninstallie7bet2p$\spuninst\spuninst.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 1.33-->"C:\Programas\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Programas\Malwarebytes' Anti-Malware\unins000.exe"
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.6)-->C:\Programas\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Notepad++-->C:\Programas\Notepad++\uninstall.exe
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
PokerStars-->"C:\Programas\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RTLSetup for Realtek RTL8139/810x Family NIC 3.00-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Samsung Network Manager-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{6FD8E993-037B-4A1A-9357-80AB79DD60C5}\Setup.exe" -l0x816
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Synaptics TouchPad-->rundll32.exe "C:\Programas\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Programas\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: METEOR
Event Code: 4201
Message: O sistema detectou que a placa de rede \DEVICE\TCPIP_{6C720309-78CF-4EB2-B921-5A0B34D4FA8A} está ligada à rede,
e iniciou o funcionamento normal com a placa de rede.

Record Number: 159902
Source Name: Tcpip
Time Written: 20100226184416.000000+000
Event Type: Informações
User:

Computer Name: METEOR
Event Code: 4201
Message: O sistema detectou que a placa de rede \DEVICE\TCPIP_{6C720309-78CF-4EB2-B921-5A0B34D4FA8A} está ligada à rede,
e iniciou o funcionamento normal com a placa de rede.

Record Number: 159901
Source Name: Tcpip
Time Written: 20100226184216.000000+000
Event Type: Informações
User:

Computer Name: METEOR
Event Code: 4201
Message: O sistema detectou que a placa de rede \DEVICE\TCPIP_{6C720309-78CF-4EB2-B921-5A0B34D4FA8A} está ligada à rede,
e iniciou o funcionamento normal com a placa de rede.

Record Number: 159900
Source Name: Tcpip
Time Written: 20100226184021.000000+000
Event Type: Informações
User:

Computer Name: METEOR
Event Code: 4201
Message: O sistema detectou que a placa de rede \DEVICE\TCPIP_{6C720309-78CF-4EB2-B921-5A0B34D4FA8A} está ligada à rede,
e iniciou o funcionamento normal com a placa de rede.

Record Number: 159899
Source Name: Tcpip
Time Written: 20100226184016.000000+000
Event Type: Informações
User:

Computer Name: METEOR
Event Code: 4201
Message: O sistema detectou que a placa de rede \DEVICE\TCPIP_{6C720309-78CF-4EB2-B921-5A0B34D4FA8A} está ligada à rede,
e iniciou o funcionamento normal com a placa de rede.

Record Number: 159898
Source Name: Tcpip
Time Written: 20100226183815.000000+000
Event Type: Informações
User:

=====Application event log=====

Computer Name: METEOR
Event Code: 1904
Message:
Record Number: 1632
Source Name: HHCTRL
Time Written: 20071028191637.000000+000
Event Type: Informações
User:

Computer Name: METEOR
Event Code: 1904
Message:
Record Number: 1631
Source Name: HHCTRL
Time Written: 20071028191637.000000+000
Event Type: Informações
User:

Computer Name: METEOR
Event Code: 1904
Message:
Record Number: 1630
Source Name: HHCTRL
Time Written: 20071028191637.000000+000
Event Type: Informações
User:

Computer Name: METEOR
Event Code: 1904
Message:
Record Number: 1629
Source Name: HHCTRL
Time Written: 20071028191637.000000+000
Event Type: Informações
User:

Computer Name: METEOR
Event Code: 1904
Message:
Record Number: 1628
Source Name: HHCTRL
Time Written: 20071028191637.000000+000
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programas\ATI Technologies\ATI Control Panel;C:\Programas\Ficheiros comuns\Autodesk Shared\;C:\Programas\K-Lite Codec Pack\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Programas\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Programas\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------
Sandra Portugal
Posts: 49
Joined: 21 Oct 2008 10:46

Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 15:26

While the RSIT loading bar was running, a message came up asking me to run a program vitor.exe from "TrendMicro"; I found that suspicious, vitor is the name of the administrator on this computer.... I said no.
Sandra Portugal
Posts: 49
Joined: 21 Oct 2008 10:46

Re: Trojan Horse Crypt.PPX - Need help please

Post by Falkra » 05 Mar 2010 15:27

While the RSIT loading bar was running, a message came up asking me to run a program vitor.exe from "TrendMicro"; I found that suspicious, vitor is the name of the administrator on this computer.... I said no.
That's HijackThis renamed, no problem.

We're going to clean a few files and System Restore, then create a new restore point as well.

Download OTMoveIt (OTM) by OldTimer.
  • Save this file to the Desktop.
  • Double-click OTM.exe to run the tool. (Note: if you are on Vista, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" box below to the clipboard by selecting them all and pressing the CTRL and C keys together (or, after selecting them, right-clicking and choosing Copy):
    Code:
    :processes
    :files
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job 

    :commands
    [ClearAllRestorePoints]
    [emptytemp]
    [CreateRestorePoint]
  • Go back to the OTM window, right-click in the left-hand area labelled "Paste List Of Files/Folders to Move" (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt3.
  • Post the OTMoveIt3 report in your next reply (contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits giving the date [monthdayyear] and the time).
Note: if a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to restart the machine, choose Yes.
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 15:39

I'm on another computer now because when I clicked Move It! everything disappeared, leaving only my desktop wallpaper; just the background image, no icons.
Sandra Portugal
Posts: 49
Joined: 21 Oct 2008 10:46

Re: Trojan Horse Crypt.PPX - Need help please

Post by Falkra » 05 Mar 2010 15:42

If the desktop doesn't come back, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 16:06

Thanks, the desktop came back and I was then able to close OTMoveIt3. A reboot happened on its own right after.

Here is the text file from the OTM folder:

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========

Restore points cleared and new OTM Restore Point set!

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6530897 bytes

User: vitor
->Temp folder emptied: 138585503 bytes
->Temporary Internet Files folder emptied: 22009014 bytes
->Java cache emptied: 80290774 bytes
->FireFox cache emptied: 106170890 bytes
->Flash cache emptied: 381862 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 3052 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
RecycleBin emptied: 109560104 bytes

Total Files Cleaned = 444,00 mb

Restore point Set: OTM Restore Point (64424509440)

OTM by OldTimer - Version 3.1.10.0 log created on 03052010_143213
Sandra Portugal
Posts: 49
Joined: 21 Oct 2008 10:46
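As an added example (not code from this thread, from Falkra, or from OldTimer's OTM tool), here is a Python script that cross-checks the OTM report Sandra posted against the :files list in Falkra's script: every requested path must appear as "moved successfully", the per-account byte counts are summed and compared with the tool's own "Total Files Cleaned" line, and the restore-point reset is confirmed. The parsing rules are inferred from this one report, which is an assumption about the log format; the script text and log below are reconstructed from what was posted.

```python
"""Cross-check an OTMoveIt (OTM) report against the script it was given.

Added example for this thread; not code from the forum, from Falkra or from
OldTimer's tool. The log format rules are an assumption inferred from the
posted report; the inputs are reconstructed from the posted script and log.
"""
import re

# Reconstructed from the helper's script: the 24 AtN.job files under
# C:\WINDOWS\tasks, followed by the three :commands entries.
OTM_SCRIPT = (
    ":processes\n:files\n"
    + "\n".join(f"C:\\WINDOWS\\tasks\\At{n}.job" for n in range(1, 25))
    + "\n\n:commands\n[ClearAllRestorePoints]\n[emptytemp]\n[CreateRestorePoint]\n"
)

# Reconstructed from the posted OTM report (byte counts exactly as posted).
OTM_LOG = (
    "All processes killed\n========== PROCESSES ==========\n========== FILES ==========\n"
    + "\n".join(f"C:\\WINDOWS\\tasks\\At{n}.job moved successfully." for n in range(1, 25))
    + """
========== COMMANDS ==========

Restore points cleared and new OTM Restore Point set!

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6530897 bytes

User: vitor
->Temp folder emptied: 138585503 bytes
->Temporary Internet Files folder emptied: 22009014 bytes
->Java cache emptied: 80290774 bytes
->FireFox cache emptied: 106170890 bytes
->Flash cache emptied: 381862 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\\System32 .tmp files removed: 3052 bytes
%systemroot%\\System32\\dllcache .tmp files removed: 0 bytes
%systemroot%\\System32\\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
RecycleBin emptied: 109560104 bytes

Total Files Cleaned = 444,00 mb

Restore point Set: OTM Restore Point (64424509440)
"""
)

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
BYTES_RE = re.compile(r"^(?P<arrow>->)?(?P<what>.+?) (?:emptied|removed): (?P<count>\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.,]+) mb$")


def requested_files(script):
    """Paths listed under :files in an OTM script (section headers start with ':')."""
    files, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
        elif section == ":files":
            files.append(line)
    return files


def parse_report(log):
    """Extract moved paths, bytes freed per account, and the tool's own total."""
    moved, freed, user, reported_mb = [], {}, None, None
    for raw in log.splitlines():
        line = raw.strip()
        if (m := MOVED_RE.match(line)):
            moved.append(m.group("path"))
        elif (m := USER_RE.match(line)):
            user = m.group("user")
        elif (m := BYTES_RE.match(line)):
            # '->' lines belong to the current account; bare lines are system-wide.
            owner = user if m.group("arrow") else "(system)"
            freed[owner] = freed.get(owner, 0) + int(m.group("count"))
        elif (m := TOTAL_RE.match(line)):
            reported_mb = float(m.group("mb").replace(",", "."))
    return {"moved": moved, "freed": freed, "reported_mb": reported_mb,
            "restore_point_reset": "new OTM Restore Point set" in log}


def cross_check(script, log):
    """Compare what the script asked for with what the report says happened."""
    wanted = {p.lower() for p in requested_files(script)}   # Windows paths: case-insensitive
    report = parse_report(log)
    moved = {p.lower() for p in report["moved"]}
    total_bytes = sum(report["freed"].values())
    return {
        "missing": sorted(wanted - moved),       # requested but not reported as moved
        "unexpected": sorted(moved - wanted),    # moved but never requested
        "total_bytes": total_bytes,
        "total_mb_truncated": total_bytes // 2**20,
        "matches_reported_total": report["reported_mb"] is not None
            and total_bytes // 2**20 == int(report["reported_mb"]),
        "restore_point_reset": report["restore_point_reset"],
    }


if __name__ == "__main__":
    for key, value in cross_check(OTM_SCRIPT, OTM_LOG).items():
        print(f"{key}: {value}")
```

On the posted report this yields no missing or unexpected paths, 465733094 bytes freed (444 MB once truncated, which is what the report's "444,00 mb" line states) and a confirmed restore-point reset; drop one "moved successfully" line from the log and that path is listed under missing, which is the check worth running before telling a user the move step is finished.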

Re: Trojan Horse Crypt.PPX - Need help please

Post by Falkra » 05 Mar 2010 16:16

Very good, that will have purged all of that.

Please post a new RSIT report (allow vitor if it asks); it will only produce one report this time, that's normal.
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 16:28

Sorry for the wait, but the computer is very slow to respond.

Here is the report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by vitor at 2010-03-05 15:26:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (14%) free of 10 GB
Total RAM: 511 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:55, on 05-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programas\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Programas\AVG\AVG8\avgcsrvx.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\sol.exe
D:\oldVitor\Os meus documentos\Downloads\RSIT.exe
C:\Documents and Settings\vitor\Ambiente de trabalho\vitor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Programas\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = D:\xamp\xampp\mysql\bin\winmysqladmin.exe
O4 - User Startup: WinMySQLadmin.lnk = D:\xamp\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sapo.pt,telecom.pt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sapo.pt,telecom.pt
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7107 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programas\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programas\Java\jre6\bin\jp2ssv.dll [2009-05-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2004-02-25 28672]
"ATIPTA"=C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-02-03 335872]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-06-11 87751]
"SynTPLpr"=C:\Programas\Synaptics\SynTP\SynTPLpr.exe [2003-06-17 126976]
"SynTPEnh"=C:\Programas\Synaptics\SynTP\SynTPEnh.exe [2003-06-17 561152]
"Hcontrol"=C:\WINDOWS\ATK0100\Hcontrol.exe [2003-09-08 61440]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SunJavaUpdateSched"=C:\Programas\Java\jre6\bin\jusched.exe [2009-05-11 148888]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"googletalk"=C:\Programas\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque
AutoCAD Startup Accelerator.lnk - C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe

D:\oldVitor\Menu Iniciar\Programas\Arranque
WinMySQLadmin.lnk - D:\xamp\xampp\mysql\bin\winmysqladmin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll [2006-01-25 6424064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programas\BitTorrent\bittorrent.exe"="C:\Programas\BitTorrent\bittorrent.exe:*:Enabled:bittorrent"
"C:\Programas\Messenger\msmsgs.exe"="C:\Programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programas\SecondLife\SecondLife.exe"="C:\Programas\SecondLife\SecondLife.exe:*:Enabled:Second Life"
"C:\Programas\Zend\ZendStudioClient-5.0.0Beta\jre\bin\javaw.exe"="C:\Programas\Zend\ZendStudioClient-5.0.0Beta\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Documents and Settings\vitor\Ambiente de trabalho\OPML\OPML\opml.exe"="C:\Documents and Settings\vitor\Ambiente de trabalho\OPML\OPML\opml.exe:*:Enabled:OPML"
"C:\Programas\beetlejuice_0.4.1\jre\bin\java.exe"="C:\Programas\beetlejuice_0.4.1\jre\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Programas\Red Chair Software\Anapod Explorer\anamgr.exe"="C:\Programas\Red Chair Software\Anapod Explorer\anamgr.exe:*:Enabled:Anapod Xtreamer"
"C:\Programas\WaterProof\PHPEdit\2.0\DbgListener.exe"="C:\Programas\WaterProof\PHPEdit\2.0\DbgListener.exe:*:Enabled:Listener for php debugger DBG"
"C:\Programas\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Programas\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw"
"C:\Programas\Mozilla Firefox\firefox.exe"="C:\Programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\xamp\xampp\apache\bin\apache.exe"="D:\xamp\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"D:\xamp\xampp\mysql\bin\mysqld-nt.exe"="D:\xamp\xampp\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt"
"D:\xamp\xampp\mysql\bin\mysqld.exe"="D:\xamp\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:javaw"
"C:\Programas\Google\Google Talk\googletalk.exe"="C:\Programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Programa de transferência de ficheiros"
"C:\Programas\Java\jre1.5.0_06\bin\javaw.exe"="C:\Programas\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Programas\Joost\xulrunner\tvprunner.exe"="C:\Programas\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programas\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Programas\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Programas\HP\Digital Imaging\bin\hposid01.exe"="C:\Programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Programas\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programas\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Programas\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Programas\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programas\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Programas\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Programas\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Programas\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\eclipse_cd\eclipse\eclipse.exe"="D:\eclipse_cd\eclipse\eclipse.exe:*:Enabled:eclipse"
"E:\eclipse\eclipse.exe"="E:\eclipse\eclipse.exe:*:Enabled:eclipse"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Consola de gestão da Microsoft"
"C:\Programas\AVG\AVG8\avgupd.exe"="C:\Programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programas\AVG\AVG8\avgnsx.exe"="C:\Programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programas\AVG\AVG8\avgemc.exe"="C:\Programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\HPZnet01.exe"="C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\hponicifs01.exe"="C:\Documents and Settings\vitor\Definições locais\Temp\hp_webrelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programas\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programas\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Programas\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"G:\eclipse\eclipse.exe"="G:\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Documents and Settings\vitor\Ambiente de trabalho\USB\eclipse\eclipse.exe"="C:\Documents and Settings\vitor\Ambiente de trabalho\USB\eclipse\eclipse.exe:*:Enabled:eclipse"
"F:\eclipse\eclipse.exe"="F:\eclipse\eclipse.exe:*:Enabled:eclipse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcfb8390-b8a1-11dd-be38-0012f0180d3a}]
shell\AutoRun\command - F:\umenu.exe


======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-05 14:18:39 ----D---- C:\rsit
2010-02-26 19:45:41 ----D---- C:\SDFix
2010-02-26 13:25:16 ----HD---- C:\$AVG8.VAULT$
2010-02-25 08:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-11 03:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 03:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 03:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 03:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 03:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 03:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-11 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-05 14:57:43 ----D---- C:\WINDOWS\Temp
2010-03-05 14:57:26 ----D---- C:\WINDOWS
2010-03-05 14:55:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-05 14:51:36 ----D---- C:\WINDOWS\system32
2010-03-05 14:44:18 ----D---- C:\WINDOWS\Prefetch
2010-03-05 14:33:04 ----SHD---- C:\System Volume Information
2010-03-05 14:33:04 ----D---- C:\WINDOWS\system32\Restore
2010-03-05 14:32:52 ----SD---- C:\WINDOWS\Tasks
2010-03-05 11:09:04 ----D---- C:\Programas\PokerStars
2010-02-27 14:53:00 ----D---- C:\Programas\Mozilla Firefox
2010-02-27 00:39:38 ----D---- C:\WINDOWS\ERUNT
2010-02-27 00:19:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-27 00:17:39 ----D---- C:\WINDOWS\system32\drivers
2010-02-26 22:24:38 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-02-26 22:23:02 ----D---- C:\Programas\Malwarebytes' Anti-Malware
2010-02-26 20:29:56 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-26 20:29:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-25 08:01:49 ----HD---- C:\WINDOWS\inf
2010-02-11 03:15:46 ----A---- C:\WINDOWS\imsins.BAK
2010-02-11 03:15:40 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-31 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-31 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-12 108552]
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R2 irda;Protocolo IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-11 1164576]
R3 Arp1394;Protocolo de cliente ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-02-25 670208]
R3 CmBatt;Controlador Microsoft ACPI Control Method Battery; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2003-09-08 5786]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC - controlador de dispositivos infravermelhos; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;Miniport WAN (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-05-17 220048]
R3 StillCam;Controlador de câmara digital série Still; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-11-20 7040]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-06-17 264528]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Driver de conexão de rede Intel(R) PRO/Wireless 2200BG para Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496]
S1 kbdhid;Controlador HID de teclado; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 ADDMEM;ADDMEM; \??\C:\DOCUME~1\vitor\DEFINI~1\Temp\__Samsung_Update\ADDMEM.SYS []
S3 BthEnum;Serviço enumerador Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Controlador de comunicações série Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Controlador de porta Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272640]
S3 BTHUSB;Controlador USB de rádio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\vitor\DEFINI~1\Temp\catchme.sys []
S3 DOSMEMIO;MEMIO; \??\E:\Application\SmartScreen\MEMIO.SYS []
S3 HidBth;Miniport HID do Microsoft Bluetooth; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25728]
S3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]
S3 RFCOMM;Dispositivo Bluetooth (TDI protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe de impressoras USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-02-25 397312]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-31 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-31 297752]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-06-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe [2005-10-05 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Irmon;Monitor de infravermelhos; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 JavaQuickStarterService;Java Quick Starter; C:\Programas\Java\jre6\bin\jqs.exe [2009-05-11 152984]
S4 Apache2.2;Apache2.2; D:\eclipse_cd\xampplite\apache\bin\apache.exe [2007-09-21 17408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Sandra Portugal
 
Posts: 49
Joined: 21 Oct 2008 10:46

Re: Trojan Horse Crypt.PPX - Need help please

Post by Falkra » 05 Mar 2010 16:36

Sorry for the wait, but the computer is very slow to respond.
No problem, I've got all the time in the world; do it whenever you want and whenever you can. ;)

Let's fix one small thing. Download this file:
http://www.dougknox.com/xp/fileassoc/xp_scr_fix.zip

Unzip it; you'll find a .reg file inside. Double-click it to add it to the registry, and confirm when Windows asks.

The machine is slow, yes: you have 512 MB of RAM and not much of it free (AVG eats a lot), and not much disk space left either; Windows is cramped.
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
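The fix above restores the .scr file association that the RSIT "File associations" section of the log shows pointing at notepad.exe. As an added example (it is not part of the thread, and it is not the contents of the linked xp_scr_fix.zip), here is a PowerShell check that reads the current .scr association commands from the registry and reports any that differ from the stock Windows XP values. The expected values are assumed from a default XP install, and the function name Test-ScrAssociation is my own:

```powershell
# Added example, not part of the original thread or of the linked fix.
# Reads the .scr (screen saver) association commands from HKEY_CLASSES_ROOT
# and reports any that deviate from the stock Windows XP values. It only
# reads the registry; it changes nothing.
# The expected values below are assumed from a default Windows XP install.
$expected = @{
    'open'    = '"%1" /S'
    'config'  = '"%1"'
    'install' = 'rundll32.exe desk.cpl,InstallScreenSaver %l'
}

function Test-ScrAssociation {
    # The .scr extension should map to the 'scrfile' ProgID.
    $ext = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.scr' -ErrorAction SilentlyContinue).'(default)'
    if ($ext -ne 'scrfile') {
        Write-Output ".scr is mapped to '$ext' instead of 'scrfile'"
    }

    # Check each verb's command against the expected default.
    foreach ($verb in $expected.Keys) {
        $key = "Registry::HKEY_CLASSES_ROOT\scrfile\shell\$verb\command"
        if (-not (Test-Path $key)) {
            Write-Output "$verb : command key missing"
            continue
        }
        $actual = (Get-ItemProperty -Path $key).'(default)'
        if ($actual -ne $expected[$verb]) {
            Write-Output "$verb : '$actual' (expected '$($expected[$verb])')"
        } else {
            Write-Output "$verb : OK"
        }
    }
}

Test-ScrAssociation
```

Run it before and after importing the .reg file: before, the open verb should show notepad.exe, as in the log above, and the install and config commands should show as missing; afterwards all three verbs should report OK.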

Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 16:52

I followed your instructions, and now what?

Yeah, it's true that this computer crawls! :-D

Maybe I should uninstall some things...
It's about 6 years old; I'm its second owner. And although I only use it for leisure and for surfing the net, I'm still attached to it and take care of it as best I can.
But some tasks and other unexpected things are beyond me!
Sandra Portugal
 
Posts: 49
Joined: 21 Oct 2008 10:46

Re: Trojan Horse Crypt.PPX - Need help please

Post by Falkra » 05 Mar 2010 16:58

If you want to lighten the startup a bit, we can do that too; post a HijackThis report please.
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Trojan Horse Crypt.PPX - Need help please

Post by Sandra Portugal » 05 Mar 2010 17:05

At startup it's fairly quick, but during tasks it slows down, especially with "multitasking", several things at once; that's normal, isn't it? For an almost-old machine? :lol:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:34, on 05-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programas\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Programas\AVG\AVG8\avgcsrvx.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\vitor\Ambiente de trabalho\vitor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Programas\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = D:\xamp\xampp\mysql\bin\winmysqladmin.exe
O4 - User Startup: WinMySQLadmin.lnk = D:\xamp\xampp\mysql\bin\winmysqladmin.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programas\Ficheiros comuns\Autodesk Shared\acstart16.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = sapo.pt,telecom.pt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = sapo.pt,telecom.pt
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programas\Ficheiros comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7089 bytes
Sandra Portugal
 
Posts: 49
Joined: 21 Oct 2008 10:46

Re: Trojan Horse Crypt.PPX - Need help please

Post by Falkra » 05 Mar 2010 17:09

That's the normal/logical behaviour with little RAM.

Do you use Xamp? Right from startup?
Same question for the Bluetooth agent?
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
