Tech Support Forum - View Single Post

Quanta123 · 05-13-2007, 08:06 AM

Hi. Heres the log:

"Jorge Martins" - 2007-05-13 14:53:51 Service Pack 2
ComboFix 07-05.11.V - Running from: "C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))

2007-05-12 20:26 <DIR> d-------- C:\DOCUME~1\JORGEM~1\DoctorWeb
2007-05-09 19:59 <DIR> d-------- C:\Programas\SopCast
2007-05-09 19:59 <DIR> d-------- C:\DOCUME~1\JORGEM~1\APPLIC~1\SopCast
2007-05-07 21:04 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-06 20:20 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-06 20:20 <DIR> d-------- C:\Programas\Your Uninstaller 2006
2007-05-06 20:20 <DIR> d-------- C:\DOCUME~1\JORGEM~1\APPLIC~1\URSoft

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-12 19:54:40 -------- d-----w C:\DOCUME~1\JORGEM~1\APPLIC~1\about amok
2007-05-06 19:13:35 -------- d--h--w C:\Programas\InstallShield Installation Information
2007-05-06 19:11:55 -------- d-----w C:\Programas\GameSpy Arcade
2007-05-06 19:11:08 -------- d-----w C:\Programas\Finale 2003
2007-05-06 18:46:04 -------- d-----w C:\Programas\eMule
2007-04-25 18:48:41 -------- d-----w C:\Programas\TVU Player
2007-04-25 18:11:45 -------- d-----w C:\Programas\PartyGaming.Net
2007-03-25 17:22:30 64,140 ----a-w C:\WINDOWS\system32\perfc016.dat
2007-03-25 17:22:30 428,328 ----a-w C:\WINDOWS\system32\perfh016.dat
2007-03-17 13:43:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:34 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:34 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:34 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:18:52 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
{53707962-6F74-2D53-2644-206D7942484F}=C:\DOCUME~1\JORGEM~1\AMBIEN~1\ANTI-C~1\SPYBOT~1\SDHelper.dll
{8ABC10F3-9DFD-6742-EB72-D9D7C8DD4570}=C:\WINDOWS\gacud1.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ESB"="C:\\WINDOWS\\System32\\ESB.exe"
"4mtcsb"="C:\\WINDOWS\\System32\\4mtcsb.EXE"
"PRONoMgr.exe"="C:\\Programas\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"AudioHQ"="C:\\Programas\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"Creative Launcher"="C:\\Programas\\Creative\\Launcher\\CTLauncher.exe"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"InCD"="C:\\Programas\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="C:\\Programas\\Java\\jre1.5.0\\bin\\jusched.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Programas\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ESB"="C:\WINDOWS\System32\ESB.exe" [2002-12-02 02:32]
"4mtcsb"="C:\WINDOWS\System32\4mtcsb.EXE" [2002-11-29 12:45]
"PRONoMgr.exe"="C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 18:21]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 03:24]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 03:11]
"AudioHQ"="C:\Programas\Creative\SBLive\AudioHQ\AHQTB.EXE" [1999-04-12 02:00]
"Creative Launcher"="C:\Programas\Creative\Launcher\CTLauncher.exe" []
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Programas\Ahead\InCD\InCD.exe" [2003-06-03 10:54]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.5.0\bin\jusched.exe" [2004-09-03 06:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-23 15:04]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2005-09-05 04:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"MSMSGS"="C:\Programas\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programas\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Programas\ewido\security suite\shellhook.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\Anti-coisas\AVG Anti-Spyware 7.5\shellexecutehook.dll"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 14:56:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-13 14:56:50
C:\ComboFix-quarantined-files.txt ... 2007-05-13 14:56
C:\ComboFix2.txt ... 2007-05-10 20:49
C:\ComboFix3.txt ... 2007-05-08 01:41

05-13-2007, 08:06 AM	#25 (permalink)
Quanta123 Registered User Join Date: May 2007 Posts: 31 OS: XP	Re: i cant get rid of StrongestOptimizer Hi. Heres the log: "Jorge Martins" - 2007-05-13 14:53:51 Service Pack 2 ComboFix 07-05.11.V - Running from: "C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 )))))))))))))))))))))))))))))))))) 2007-05-12 20:26 <DIR> d-------- C:\DOCUME~1\JORGEM~1\DoctorWeb 2007-05-09 19:59 <DIR> d-------- C:\Programas\SopCast 2007-05-09 19:59 <DIR> d-------- C:\DOCUME~1\JORGEM~1\APPLIC~1\SopCast 2007-05-07 21:04 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-06 20:20 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-05-06 20:20 <DIR> d-------- C:\Programas\Your Uninstaller 2006 2007-05-06 20:20 <DIR> d-------- C:\DOCUME~1\JORGEM~1\APPLIC~1\URSoft (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-12 19:54:40 -------- d-----w C:\DOCUME~1\JORGEM~1\APPLIC~1\about amok 2007-05-06 19:13:35 -------- d--h--w C:\Programas\InstallShield Installation Information 2007-05-06 19:11:55 -------- d-----w C:\Programas\GameSpy Arcade 2007-05-06 19:11:08 -------- d-----w C:\Programas\Finale 2003 2007-05-06 18:46:04 -------- d-----w C:\Programas\eMule 2007-04-25 18:48:41 -------- d-----w C:\Programas\TVU Player 2007-04-25 18:11:45 -------- d-----w C:\Programas\PartyGaming.Net 2007-03-25 17:22:30 64,140 ----a-w C:\WINDOWS\system32\perfc016.dat 2007-03-25 17:22:30 428,328 ----a-w C:\WINDOWS\system32\perfh016.dat 2007-03-17 13:43:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:37:34 578,560 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:37:34 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:37:34 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-05 20:18:52 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx {53707962-6F74-2D53-2644-206D7942484F}=C:\DOCUME~1\JORGEM~1\AMBIEN~1\ANTI-C~1\SPYBOT~1\SDHelper.dll {8ABC10F3-9DFD-6742-EB72-D9D7C8DD4570}=C:\WINDOWS\gacud1.dll [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ESB"="C:\\WINDOWS\\System32\\ESB.exe" "4mtcsb"="C:\\WINDOWS\\System32\\4mtcsb.EXE" "PRONoMgr.exe"="C:\\Programas\\Intel\\NCS\\PROSet\\PRONoMgr.exe" "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe" "AudioHQ"="C:\\Programas\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE" "Creative Launcher"="C:\\Programas\\Creative\\Launcher\\CTLauncher.exe" "NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe" "InCD"="C:\\Programas\\Ahead\\InCD\\InCD.exe" "SunJavaUpdateSched"="C:\\Programas\\Java\\jre1.5.0\\bin\\jusched.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "QuickTime Task"="\"C:\\Programas\\QuickTime\\qttask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ESB"="C:\WINDOWS\System32\ESB.exe" [2002-12-02 02:32] "4mtcsb"="C:\WINDOWS\System32\4mtcsb.EXE" [2002-11-29 12:45] "PRONoMgr.exe"="C:\Programas\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 18:21] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 03:24] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 03:11] "AudioHQ"="C:\Programas\Creative\SBLive\AudioHQ\AHQTB.EXE" [1999-04-12 02:00] "Creative Launcher"="C:\Programas\Creative\Launcher\CTLauncher.exe" [] "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 11:50] "InCD"="C:\Programas\Ahead\InCD\InCD.exe" [2003-06-03 10:54] "SunJavaUpdateSched"="C:\Programas\Java\jre1.5.0\bin\jusched.exe" [2004-09-03 06:50] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-23 15:04] "QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2005-09-05 04:30] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56] "MSMSGS"="C:\Programas\Messenger\msmsgs.exe" [2004-10-13 17:24] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Programas\\Messenger\\msmsgs.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Programas\ewido\security suite\shellhook.dll" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\Anti-coisas\AVG Anti-Spyware 7.5\shellexecutehook.dll" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HTTPFilter HTTPFilter\0\0 DcomLaunch DcomLaunch\0TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Symantec NetDetect.job ****************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-13 14:56:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ****************************************************************** Completion time: 2007-05-13 14:56:50 C:\ComboFix-quarantined-files.txt ... 2007-05-13 14:56 C:\ComboFix2.txt ... 2007-05-10 20:49 C:\ComboFix3.txt ... 2007-05-08 01:41